DocumentCode :
122547
Title :
Traffic Anomaly Detection in the presence of P2P traffic
Author :
Ali, Shady ; Kui Wu ; Khan, Haidar
Author_Institution :
Dept. of Comput. Sci., Univ. of Victoria, Victoria, BC, Canada
fYear :
2014
fDate :
8-11 Sept. 2014
Firstpage :
482
Lastpage :
485
Abstract :
Recent estimates suggest that p2p traffic comprises a significant fraction of today's Internet traffic. Previous work has shown that p2p traffic can have a considerable adverse impact on the accuracy (detection and false alarm rates) of Anomaly Detection Systems (ADSs). In this paper, we propose a solution to mitigate this accuracy degradation by identifying novel traffic features which can accurately discriminate between p2p and attack traffic. Using these features, we develop a traffic preprocessor which compensates for the negative effects of p2p traffic on anomaly detection. Our solution does not rely on any p2p traffic classifier and is thus more robust and efficient. We implement and empirically evaluate the proposed solution on an OpenFlow testbed with four prominent non-proprietary ADSs. Experimental results show that our proposed method provides about 35% increase in detection rate and about 50% decrease in false alarm rates.
Keywords :
Internet; computer network security; pattern classification; peer-to-peer computing; telecommunication traffic; ADS; Internet traffic; OpenFlow testbed; accuracy degradation; anomaly detection systems; attack traffic; negative effect compensation; p2p traffic classifier; traffic anomaly detection; traffic feature identification; traffic preprocessor; Accuracy; Detectors; Educational institutions; Floods; IP networks; Internet; Limiting;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Local Computer Networks (LCN), 2014 IEEE 39th Conference on
Conference_Location :
Edmonton, AB
Print_ISBN :
978-1-4799-3778-3
Type :
conf
DOI :
10.1109/LCN.2014.6925822
Filename :
6925822