Network traffic self similarity measurements using classifier based Hurst parameter estimation

Network traffic has been shown on numerous occasions to be self similar under normal conditions. This self similar property is however, lost during anomalous conditions such as device failure, congestion and malicious intrusions. Therefore, this loss of self similarity can be used to detect such events. The Hurst parameter (H) is the most widely accepted parameter for determining self similarity. However, an accurate estimate is data and computationally expensive. This paper discusses the potential of using efficient classifier and soft computing based approaches for determining self similarity. Traffic data is obtained for various user activities from genuine browsing to malicious attacks. This data is then analysed for self similarity. The logarithmic normalized histogram of the packet interarrival time is used to obtain a feature set for classification. Various techniques are used to analyse and reduce the feature set. Classification is done using Naive Bayes classifiers and Support Vector Machines (SVM). Artificial Neural Networks (ANN) are also used to estimate the Hurst parameter using function approximation. The results show that classifiers can detect non self similar behaviour with a very high accuracy of up to 100%.