Baseline traffic modeling for anomalous traffic detection on network transit points

  • Authors:
  • Yoohee Cho;Koohong Kang;Ikkyun Kim;Kitae Jeong

  • Affiliations:
  • Network Lab., KT, Daejeon, South Korea;Dept. of Information and Communications Engineering, Seowon University, Chongju, South Korea;Information Security Research Division, ETRI, Daejeon, South Korea;Network Lab., KT, Daejeon, South Korea

  • Venue:
  • APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
  • Year:
  • 2009

Abstract

Considerable attention has been paid in recent years to detecting network traffic anomalies in order to protect networks from the persistent threats of DDoS and unknown attacks. As a preprocessing step for many state-of-the-art attack detection technologies, baseline traffic modeling is a prerequisite for discriminating anomalous flows from normal traffic. In this paper, we analyze the traffic from various network transit points on an ISP backbone network and present a baseline traffic model using simple linear regression for the imported NetFlow data: bits per second and flows per second. Our preliminary explorations indicate that the proposed modeling is very effective at recognizing anomalous traffic on real networks.