A LoSS based on-line detection of abnormal traffic using dynamic detection threshold

Authors:
Zhengmin Xia;Songnian Lu;Jianhua Li;Aixin Zhang
Affiliations:
Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China;Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China;Department of Electronic Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China;School of Information Security Engineering, Key Lab of Information Security Integrated Management Research, Shanghai Jiao Tong University, Shanghai, P.R. China
Venue:
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Year:
2009

Citing 6
Cited 0

On the self-similar nature of Ethernet traffic (extended version)

IEEE/ACM Transactions on Networking (TON)
Wide area traffic: the failure of Poisson modeling

IEEE/ACM Transactions on Networking (TON)
Self-similarity in World Wide Web traffic: evidence and possible causes

IEEE/ACM Transactions on Networking (TON)
On the wavelet spectrum diagnostic for Hurst parameter estimation in the analysis of Internet traffic

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Long range dependent trafic
Practical test-functions generated by computer algorithms

ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
Wavelet analysis of long-range-dependent traffic

IEEE Transactions on Information Theory

Quantified Score

Hi-index	0.00

Visualization

Abstract

Abnormal traffic detection is a difficult problem in network management and network security. This paper proposed an abnormal traffic detection method based on LoSS (loss of self-similarity) through comparing the difference of Hurst parameter distribution under the network normal and abnormal traffic time series conditions. This method adopted wavelet analysis to estimate the Hurst parameter of network traffic in large time-scale, and the detection threshold could self-adjusted according to the extent of network traffic self-similarity under normal conditions. The test results on data set from Lincoln Lab of MIT demonstrate that the new detection method has the characteristics of dynamic self-adaptive and higher detection rate, and the detection speed is also improved by one time segment.