Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction

Authors:
Jun Jiang;Symeon Papavassiliou
Affiliations:
New Jersey Center for Wireless Networking and Internet Security, Electrical and Computer Engineering Department, New Jersey Institute of Technology, University Heights, Newark, New Jersey 07102;New Jersey Center for Wireless Networking and Internet Security, Electrical and Computer Engineering Department, New Jersey Institute of Technology, University Heights, Newark, New Jersey 07102
Venue:
Journal of Network and Systems Management
Year:
2004

Citing 9
Cited 6

Radial basis functions for multivariable interpolation: a review

Algorithms for approximation
A resource-allocating network for function interpolation

Neural Computation
Constructive incremental learning from only local information

Neural Computation
How to Increase Security in Mobile Networks by Anomaly Detection

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Information-Theoretic Measures for Anomaly Detection

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine
Network intrusion and fault detection: a statistical anomaly approach

IEEE Communications Magazine
Securing ad hoc networks

IEEE Network: The Magazine of Global Internetworking
Internet infrastructure security: a taxonomy

IEEE Network: The Magazine of Global Internetworking

One step ahead to multisensor data fusion for DDoS detection

Journal of Computer Security - Special issue on security track at ACM symposium on applied computing 2004
Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment

Journal of Network and Systems Management
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Journal of Network and Systems Management
Asset priority risk assessment using hidden markov models

Proceedings of the 10th ACM conference on SIG-information technology education
Enhancing network traffic prediction and anomaly detection via statistical network traffic separation and combination strategies

Computer Communications
Topology aware internet traffic forecasting using neural networks

ICANN'07 Proceedings of the 17th international conference on Artificial neural networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The information technology advances that provide new capabilities to the network users and providers, also provide powerful new tools for network intruders that intend to launch attacks on critical information resources. In this paper we present a novel network attack diagnostic methodology, based on the characterization of the dynamic statistical properties of normal network traffic. The ability to detect network anomalies and attacks as unacceptable when significant deviations from the expected behavior occurs. Specifically, to provide an accurate identification of the normal network traffic behavior, we first develop an anomaly-tolerant nonstationary traffic prediction technique that is capable of removing both single pulse and continuous anomalies. Furthermore, we introduce and design dynamic thresholds, where we define adaptive anomaly violation conditions as a combined function of both magnitude and duration of the traffic deviations. Finally numerical results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach under the presence of different attacks, such as mail-bombing attacks and UDP flooding attacks.