Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Hi-index | 0.00 |
Traffic analysis based only on IP address is a new research area where traffic anomalies can be detected by studying clusters of IP addresses extracted from traveling packets. Such analysis is normally spatial and needs IP addresses to be put in a multi-dimensional map. This paper proposes a novel method that converts such maps to 2-dimensional graphical form and applies video compression techniques to create MPEG-2 VBR movies where frames are individual snapshots of IP space in time. The paper proves that this combination is suitable for traffic monitoring and detection of DDOS attacks as well as large-scale traffic anomalies caused by social phenomena.