Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
The randomness of network behaviors poses serious challenges for discovering abnormal patterns in network traffic flows. This paper presents a method based on a blind source separation approach for detecting abnormal traffic flows. It decomposes the network traffic into two components: the routine pattern and the abnormal pattern. A scale-space filter with adaptive scale is applied to filter out the noise without affecting the main behavior patterns, which can be used to form the abnormal traffic metrics and profiles. The zero-crossing method is applied to extract the widths of the stochastic behavior pulses, and the largest width is selected as the scale-space factor. In this way, the influence of the inherent randomness can be removed or greatly reduced. The extracted patterns of the routine behaviors reflect the user's habits, and the abnormal patterns are useful for discovering anomalous behaviors such as scanning, flooding and content distribution attacks. A salient feature of the method is that no supervised learning process is needed. This is a very important advantage, since obtaining labeled samples in traffic monitoring is extremely difficult. Experimental results based on datasets from an actual network show that this method is effective for monitoring anomalous traffic flows in a gigabyte traffic environment, and the identification accuracy is above 95%.