DocumentCode
1691076
Title
Network traffic behavior analysis by decomposition into control and data planes
Author
AsSadhan, Basil ; Kim, Hyong ; Moura, José M F ; Wang, Xiaohui
Author_Institution
Electr. & Comput. Eng. Dept., Carnegie Mellon Univ., Pittsburgh, PA
fYear
2008
Firstpage
1
Lastpage
8
Abstract
In this paper, we analyze network traffic behavior by decomposing header traffic into control and data planes to study the relationship between the two planes. By computing the cross-correlation between the control and data traffics, we observe a general ´similar´ behavior between the two planes during normal behavior, and that this similarity is affected during abnormal behaviors. This allows us to focus on abnormal changes in network traffic behavior. We test our approach on the Network Intrusion Dataset provided by the Information Exploration Shootout (IES) project and the 1999 DARPA Intrusion detection Evaluation Dataset from the MIT Lincoln Lab. We find that TCP control and data traffic have high correlation levels during benign normal applications. This correlation is reduced when attacks that affect the aggregate traffic are present in the two datasets.
Keywords
computer networks; security of data; telecommunication security; telecommunication traffic; transport protocols; TCP control; computer network intrusion detection; cross-correlation function; data traffic; network traffic behavior analysis; Aggregates; Communication system traffic control; Computer networks; Data engineering; Data security; Detectors; Intrusion detection; Telecommunication traffic; Testing; Traffic control; Network traffic analysis; abnormal behavior; anomaly detection; cross-correlation function; long-range dependence;
fLanguage
English
Publisher
ieee
Conference_Titel
Parallel and Distributed Processing, 2008. IPDPS 2008. IEEE International Symposium on
Conference_Location
Miami, FL
ISSN
1530-2075
Print_ISBN
978-1-4244-1693-6
Electronic_ISBN
1530-2075
Type
conf
DOI
10.1109/IPDPS.2008.4536559
Filename
4536559
Link To Document