Statistical analysis on aggregate and flow based traffic features distribution

Anomaly traffic detection is one method to detect attack in internet, especially Distributed Denial of Service (DDoS). Here, traffic analysis which reveal the observed traffic pattern is key important process as the anomaly decision was taken based on traffic analysis. This research analyzed several statistical analysis of traffic datasets categorized as normal, DDoS attack and flashcrowd. Analysis done in aggregate and per-flow traffic level which showed similarity and difference in each category. Windowing technic used to measure instantaneous statistical value. The result showed several statistical difference which could be used to categorized types of anomaly, especially to identify normal threshold. Flow to normal average flow distance distribution perform not followed Gaussian distribution.