DocumentCode
3332249
Title
Detection Network Anomalies Based on Packet and Flow Analysis
Author
Wang Hong ; Gong Zhenghu ; Guan Qing ; Wang Baosheng
Author_Institution
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha
fYear
2008
fDate
13-18 April 2008
Firstpage
497
Lastpage
502
Abstract
Anomalies generate vast amounts of bogus traffic, which can overwhelm the network and any attached hosts. Identifying traffic anomalies rapidly and accurately is critical to network stability and usefulness. Most papers focus on analyzing the volume of data or packets on the network. However, legitimate network traffic may be bursty or highly variable, rendering such naive approaches ineffective (Lakhina et al., 2005). We propose a novel method called MultiA to solve this problem. Rather than just looking at volumes of packets, MultiA intelligently adopts a multistage filter and information entropy to take into account the behavior of the network. MultiA is scalable, automated and self-training. We find this technique effectively identifies network traffic anomalies while avoiding a high false alarm rate.
Keywords
computer networks; entropy; filtering theory; telecommunication security; telecommunication traffic; MultiA method; bogus traffic; flow analysis; information entropy; multistage filter; network anomaly detection; network stability; network traffic anomaly; packet analysis; Algorithm design and analysis; Fault detection; Information filtering; Intelligent networks; Signal analysis; Support vector machines; Telecommunication traffic; Testing; Traffic control; Wavelet analysis; anomaly detection; flow analysis; multistage filter;
fLanguage
English
Publisher
ieee
Conference_Titel
Networking, 2008. ICN 2008. Seventh International Conference on
Conference_Location
Cancun
Print_ISBN
978-0-7695-3106-9
Electronic_ISBN
978-0-7695-3106-9
Type
conf
DOI
10.1109/ICN.2008.83
Filename
4498210