IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Characteristics of network traffic flow anomalies
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
IEEE Security and Privacy
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
PISA: automatic extraction of traffic signatures
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Traffic flooding attack detection with SNMP MIB using SVM
Computer Communications
Traffic growth analysis over three years in enterprise networks
APCC'09 Proceedings of the 15th Asia-Pacific conference on Communications
An in-depth analysis on traffic flooding attacks detection and system using data mining techniques
Journal of Systems Architecture: the EUROMICRO Journal
Hi-index | 0.00 |
Traffic anomalies are characterized by unusual and significant changes in a network traffic behavior. They can be malicious or unintentional. Malicious traffic anomalies can be caused by attacks, abusive network usage and worms or virus propagations. However unintentional ones can be caused by failures, flash crowds or router misconfigurations. In this paper, we present an anomaly detection system derived from the anomaly detection schema presented by Mei-Ling Shyu in [12] and based on periodic SNMP data collection. We have evaluated this system against some common attacks and found that some (Smurf, Sync flood) are better detected than others (Scan). Then we have made use of this system in order to detect traffic anomalies in the Tunisian National University Network (TNUN). For this, we have collected network traffic traces from the Management Information Base MIB of the central firewall of the TNUN network. After that, we calculated the inter-anomaly times distribution and the anomaly durations distribution. We showed that anomalies were prevalent in the TNUN network and that most anomalies lasted less than five minutes.