• DocumentCode
    2840297
  • Title

    Conversation exchange dynamics for real-time network monitoring and anomaly detection

  • Author

    Zachary, John ; McEachen, John ; Ettlich, Dan

  • Author_Institution
    Dept. of Comput. Sci. & Eng., South Carolina Univ., Columbia, SC, USA
  • fYear
    2004
  • fDate
    8-9 April 2004
  • Firstpage
    59
  • Lastpage
    70
  • Abstract
    We present a model for real-time network monitoring and anomaly detection that provides a holistic view of network conversation exchanges. We argue that monitoring and anomaly detection are necessary mechanisms for ensuring secure and dependable network computing infrastructure. The model for network traffic exchange is based on a modified Ehrenfest urn model. The motivation for the model is heavily influenced by the success of statistical physics in providing macrostate descriptions of physical systems when the exact microstate parameters of each element in the system preclude understanding from first principles. The conversation exchange dynamics model for real-time network monitoring and anomaly detection is formally described. The model induces a unique real-time visualization capability for network monitoring and detection of anomalous events. An implementation of the model and visualization capability is presented along with laboratory tests and successful detection of real-world events, including a Code Red worm attack.
  • Keywords
    authorisation; computer networks; message authentication; telecommunication security; telecommunication traffic; Code Red worm attack; Ehrenfest urn model; denial of service; network anomaly detection; network conversation exchange dynamics model; network traffic exchange; real-time network monitoring; secure network computing; Computer crime; Computer networks; Computer worms; Computerized monitoring; Event detection; Intrusion detection; Payloads; Protocols; Telecommunication traffic; Visualization;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance Workshop, 2004. Proceedings. Second IEEE International
  • Print_ISBN
    0-7695-2117-7
  • Type

    conf

  • DOI
    10.1109/IWIA.2004.1288038
  • Filename
    1288038