Title :
A Novel Sliding Window Based Change Detection Algorithm for Asymmetric Traffic
Author :
Ahmed, Ejaz ; Clark, Andrew ; Mohay, George
Author_Institution :
Queensland Univ. of Technol., Brisbane, QLD
Abstract :
The effects of network attacks may result in abrupt changes in network traffic parameters. The speedy identification of these changes is critical for smooth network operation. This paper illustrates a sequential analysis technique for detecting these unknown abrupt changes in asymmetric network traffic. A novel sliding window based adaptive cumulative sum (CUSUM) algorithm is used to detect the cause of such variations in network traffic. The significance of the proposed algorithm is two-fold: (1) automatic adjustment of the change detection threshold while minimising the false alarm rate, and (2) timely detection of an end to the anomalous traffic. The validity of the proposed technique is investigated by experimentation on simulated data and on 18 months of real network traces collected from a class C darknet. Comparative analysis of the proposed technique with a traditional CUSUM method demonstrates its superior performance with high detection accuracy and low false alarm rate.
Keywords :
security of data; statistical analysis; telecommunication traffic; CUSUM method; anomalous traffic; asymmetric network traffic; false alarm rate; network traffic parameters; sequential analysis technique; sliding window based adaptive cumulative sum algorithm; sliding window based change detection algorithm; Algorithm design and analysis; Change detection algorithms; Computer crime; Detection algorithms; IP networks; Monitoring; Sequential analysis; Telecommunication traffic; Testing; Traffic control; Change Detection; Cumulative Sum; Sliding Window; Unused Address Space;
Conference_Titel :
Network and Parallel Computing, 2008. NPC 2008. IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3354-4
DOI :
10.1109/NPC.2008.81
