Title :
Identifying Anomalous Traffic Sources Using Flow Statistics
Author :
Kawahara, Ryoichi ; Kamiyama, Noriaki ; Harada, Shigeaki ; Hasegawa, Haruhisa ; Asano, Shoichiro
Author_Institution :
NTT Service Integration Labs., NTT Corp., Musashino
Abstract :
We propose a method of identifying anomalous traffic sources using flow statistics. We have investigated a way of detecting whether or not anomalies occur by observing the behavior of several time-series of flow statistics such as the number of flows. After detecting the occurrences of network anomalies, we need to identify the source of the anomalies. In this paper, we describe a method of identifying anomalous traffic sources. For this purpose, we apply data mining approaches such as the K-nearest neighbor method, naive Bayesian classifier, neural network, and support vector machine. We show how to use such approaches to identify anomalous traffic sources by using flow statistics. We also show evaluation results for the effectiveness of our approach using two measurement data sets.
Keywords :
data mining; security of data; telecommunication security; telecommunication traffic; time series; K-nearest neighbor method; data mining; flow statistics time-series; identifying anomalous traffic source; naive Bayesian classifier; network anomaly; neural network; support vector machine; Data mining; Fluid flow measurement; Neural networks; Niobium compounds; Sampling methods; Statistical analysis; Statistics; Support vector machine classification; Support vector machines; Telecommunication traffic;
Conference_Title :
Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
Conference_Location :
New Orleans, LO
Print_ISBN :
978-1-4244-2324-8
DOI :
10.1109/GLOCOM.2008.ECP.294