Title :
Traffic Anomaly Detection in the presence of P2P traffic
Author :
Ali, Shady ; Kui Wu ; Khan, Haidar
Author_Institution :
Dept. of Comput. Sci., Univ. of Victoria, Victoria, BC, Canada
Abstract :
Recent estimates suggest that p2p traffic comprises a significant fraction of today´s Internet traffic. Previous work has shown that p2p traffic can have a considerable adverse impact on the accuracy (detection and false alarm rates) of Anomaly Detection Systems (ADSs). In this paper, we propose a solution to mitigate this accuracy degradation by identifying novel traffic features which can accurately discriminate between p2p and attack traffic. Using these features, we develop a traffic preprocessor which compensates for the negative effects of p2p traffic on anomaly detection. Our solution does not rely on any p2p traffic classifier and is thus more robust and efficient. We implement and empirically evaluate the proposed solution on an OpenFlow testbed with four prominent non-proprietary ADSs. Experimental results show that our proposed method provides about 35% increase in detection rate and about 50% decrease in false alarm rates.
Keywords :
Internet; computer network security; pattern classification; peer-to-peer computing; telecommunication traffic; ADS; Internet traffic; OpenFlow testbed; accuracy degradation; anomaly detection systems; attack traffic; negative effect compensation; p2p traffic classifier; traffic anomaly detection; traffic feature identification; traffic preprocessor; Accuracy; Detectors; Educational institutions; Floods; IP networks; Internet; Limiting;
Conference_Titel :
Local Computer Networks (LCN), 2014 IEEE 39th Conference on
Conference_Location :
Edmonton, AB
Print_ISBN :
978-1-4799-3778-3
DOI :
10.1109/LCN.2014.6925822
