Dynamic modeling of Internet traffic for intrusion detection

Author

Jonckheere, E. ; Shah, K. ; Bohacek, S.

Author_Institution

Univ. of Southern California, Los Angeles, CA, USA

Volume

3

fYear

2002

fDate

2002

Firstpage

2436

Abstract

Computer network traffic is analyzed via state space models and statistical techniques such as linear and nonlinear canonical correlation analyses and mutual information. As an application, the models and the statistical techniques are utilized to detect UDP flooding attacks. This work indicates that mutual information is a powerful tool for the detection of such attacks. Our approach is topology independent and our findings are tested on the so-called dumbbell and parking-lot topologies.

Keywords

Internet; computer crime; correlation methods; state-space methods; statistical analysis; telecommunication traffic; Internet traffic; UDP flooding attacks; computer network traffic analysis; dumbbell topology; dynamic modeling; intrusion detection; linear canonical correlation analyses; mutual information; nonlinear canonical correlation analyses; parking-lot topology; state space models; statistical techniques; topology independent approach; Application software; Computer networks; Information analysis; Internet; Intrusion detection; Mutual information; State-space methods; Telecommunication traffic; Topology; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

American Control Conference, 2002. Proceedings of the 2002

ISSN

0743-1619

Print_ISBN

0-7803-7298-0

Type

conf

DOI

10.1109/ACC.2002.1024008

Filename

1024008