Title :
Computational Complexity of Anomaly Detection Methods
Author :
Oshima, S. ; Nakashima, Takayoshi
Author_Institution :
ICT Center for Learning Support, Kumamoto Nat. Coll. of Technol., Yatsushiro, Japan
Abstract :
As the typical anomaly detection methods using statistics, entropy and χ2 based method has been researched and reported with their performance properties for anomaly attacks. In this research, we compare the time complexity of two our proposed detection method aiming to evaluate the performance of our system. Our previous researches have clarified that the source IP address and destination port number are efficient statistical variables to view the anomaly packet property, which lead to detect correctly. In this paper, we propose EMMM method for entropy value and CSDM method of χ2 value using multi statistical variables. The evaluation to verify the time complexity of our proposed methods were conducted using source IP address, destination port number and arriving interval of packets. We could extract the following results. Firstly, the total time complexity of the EMMM method is O(n) for the n total packets, and the time complexity of one window is O(W). Secondly, the time complexity of CSDM for one window is O(NW + Nm log m).
Keywords :
IP networks; computational complexity; computer network security; entropy; statistical analysis; χ2 based method; CSDM method; EMMM method; anomaly attacks; anomaly detection methods; computational complexity; destination port number; entropy value; multistatistical variables; packet interval; source IP address; time complexity; Delay; Entropy; Equations; Mathematical model; DoS/DDoS detection; Entropy; Time Complexity; anomaly detection; chi-square value; statistical approach;
Conference_Titel :
Broadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4673-2972-9
DOI :
10.1109/BWCCA.2012.112
