Title :
Anomaly Detection Using Chi-square Values Based on the Typical Features and the Time Deviation
Author :
Oshima, Shunsuke ; Nakashima, Takuo ; Sueyoshi, Toshinori
Author_Institution :
ICT Center for Learning Support, Kumamoto Nat. Coll. of Technol., Kumamoto, Japan
Abstract :
In the research of the anomaly detection system analyzing the packet header on the Internet, previous researches have proposed the anomaly detection system using chi-square values in terms of the source IP address and/or the destination port number. In these previous researches, the chi-square values were calculated from one feature causing the degradation in the False-Positive when the same symbol appears sequentially. Therefore, we propose the anomaly detection technique using chi-square values based on multi features. We also propose dynamic BIN division technique to deal with the traffic fluctuations such as day and night traffic differences. Applying our method, the chi-square values based on the time division were able to decrease the False-Positive. Our method was also able to adapt the traffic variations by applying the dynamic BIN division technique.
Keywords :
security of data; statistical analysis; telecommunication security; telecommunication traffic; anomaly detection; chi-square values; dynamic BIN division technique; packet header; source IP address; time deviation; Computer crime; Entropy; Equations; IP networks; Internet; Mathematical model; Servers; DoS/DDoS detection; anomaly detection; chisquare value; statistical approach;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on
Conference_Location :
Biopolis
Print_ISBN :
978-1-61284-313-1
Electronic_ISBN :
1550-445X
DOI :
10.1109/AINA.2011.54
