DocumentCode :
2840297
Title :
Conversation exchange dynamics for real-time network monitoring and anomaly detection
Author :
Zachary, John ; McEachen, John ; Ettlich, Dan
Author_Institution :
Dept. of Comput. Sci. & Eng., South Carolina Univ., Columbia, SC, USA
fYear :
2004
fDate :
8-9 April 2004
Firstpage :
59
Lastpage :
70
Abstract :
We present a model for real-time network monitoring and anomaly detection that provides a holistic view of network conversation exchanges. We argue that monitoring and anomaly detection are necessary mechanisms for ensuring secure and dependable network computing infrastructure. The model for network traffic exchange is based on a modified Ehrenfest urn model. The motivation for the model is heavily influenced by the success of statistical physics in providing macrostate descriptions of physical systems when the exact microstate parameters of each element in the system preclude understanding from first principles. The conversation exchange dynamics model for real-time network monitoring and anomaly detection is formally described. The model induces a unique real-time visualization capability for network monitoring and detection of anomalous events. An implementation of the model and visualization capability is presented along with laboratory tests and successful detection of real-world events, including a Code Red worm attack.
Keywords :
authorisation; computer networks; message authentication; telecommunication security; telecommunication traffic; Code Red worm attack; Ehrenfest urn model; denial of service; network anomaly detection; network conversation exchange dynamics model; network traffic exchange; real-time network monitoring; secure network computing; Computer crime; Computer networks; Computer worms; Computerized monitoring; Event detection; Intrusion detection; Payloads; Protocols; Telecommunication traffic; Visualization;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings. Second IEEE International
Print_ISBN :
0-7695-2117-7
Type :
conf
DOI :
10.1109/IWIA.2004.1288038
Filename :
1288038