  • DocumentCode
    1673229
  • Title
    Identifying Anomalous Traffic Sources Using Flow Statistics
  • Author
    Kawahara, Ryoichi ; Kamiyama, Noriaki ; Harada, Shigeaki ; Hasegawa, Haruhisa ; Asano, Shoichiro
  • Author_Institution
    NTT Service Integration Labs., NTT Corp., Musashino
  • fYear
    2008
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    We propose a method of identifying anomalous traffic sources using flow statistics. We have investigated a way of detecting whether or not anomalies occur by observing the behavior of several time-series of flow statistics such as the number of flows. After detecting the occurrences of network anomalies, we need to identify the source of the anomalies. In this paper, we describe a method of identifying anomalous traffic sources. For this purpose, we apply data mining approaches such as the K-nearest neighbor method, naive Bayesian classifier, neural network, and support vector machine. We show how to use such approaches to identify anomalous traffic sources by using flow statistics. We also show evaluation results for the effectiveness of our approach using two measurement data sets.
  • Keywords
    data mining; security of data; telecommunication security; telecommunication traffic; time series; K-nearest neighbor method; data mining; flow statistics time-series; identifying anomalous traffic source; naive Bayesian classifier; network anomaly; neural network; support vector machine; Data mining; Fluid flow measurement; Neural networks; Niobium compounds; Sampling methods; Statistical analysis; Statistics; Support vector machine classification; Support vector machines; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Global Telecommunications Conference, 2008. IEEE GLOBECOM 2008. IEEE
  • Conference_Location
    New Orleans, LO
  • ISSN
    1930-529X
  • Print_ISBN
    978-1-4244-2324-8
  • Type
    conf
  • DOI
    10.1109/GLOCOM.2008.ECP.294
  • Filename
    4698069