Detecting low-rate periodic events in Internet traffic using renewal theory

Author

McPherson, Sean ; Ortega, Antonio

Author_Institution

Ming Hsieh Dept. of Electr. Eng., Univ. of Southern California, Los Angeles, CA, USA

fYear

2011

fDate

22-27 May 2011

Firstpage

4336

Lastpage

4339

Abstract

In our previous work [1, 2] we studied detection of anomalies in packet arrival times for computer networks, most detection of denial of-service (DoS) attacks in Internet traffic. In this paper we reformulate the detection method proposed in [1] using renewal theory, providing several useful extensions. This reformulation also leads to a method that would be applicable to numerous real life signals that exist as discrete events, e.g., biological signals. Most importantly renewal theory allows us to characterize the performance of our detector and determine theoretical bounds on the time-to-detection. Compared to alternative methods that use frequency spectra or event arrival rates for detection our method is shown to be superior in terms of time-to-detection. Further, unlike rate based techniques, our method can estimate the multiple periods when multiple periodic anomalies occur simultaneously.

Keywords

Internet; computer network security; telecommunication traffic; Internet traffic; biological signals; computer networks; denial of-service attacks; discrete events; event arrival rates; frequency spectra; low-rate periodic event detection; multiple periodic anomalies; renewal theory; time-to-detection; Approximation methods; Frequency domain analysis; Harmonic analysis; Histograms; Internet; Probability; Timing; Detection Algorithm; Discrete Event Systems;

fLanguage

English

Publisher

ieee

Conference_Titel

Acoustics, Speech and Signal Processing (ICASSP), 2011 IEEE International Conference on

Conference_Location

Prague

ISSN

1520-6149

Print_ISBN

978-1-4577-0538-0

Electronic_ISBN

1520-6149

Type

conf

DOI

10.1109/ICASSP.2011.5947313

Filename

5947313