DocumentCode
603122
Title
Detecting anomalous network traffic in organizational private networks
Author
Vaarandi, Risto
Author_Institution
NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia
fYear
2013
fDate
25-28 Feb. 2013
Firstpage
285
Lastpage
292
Abstract
During the last decade, network monitoring and intrusion detection have become essential techniques of cyber security. Nowadays, many institutions are using advanced solutions for detecting malicious network traffic, discovering network anomalies, and preventing cyber attacks. However, most research in this area has not been conducted specifically for organizational private networks, and their special properties have not been considered. In this paper, we first present a study of traffic patterns in a corporate private network, and then propose two novel algorithms for detecting anomalous network traffic and node behavior in such networks.
Keywords
computer network security; virtual private networks; anomalous network traffic detection; corporate private network; cyber attack; cyber security; intrusion detection; network monitoring; node behavior; organizational private network; Clustering algorithms; IP networks; Monitoring; Ports (Computers); Servers; Telecommunication traffic; Transport protocols; cyber security; network anomaly detection; network forensics; network monitoring;
fLanguage
English
Publisher
ieee
Conference_Titel
Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2013 IEEE International Multi-Disciplinary Conference on
Conference_Location
San Diego, CA
Print_ISBN
978-1-4673-2437-3
Type
conf
DOI
10.1109/CogSIMA.2013.6523859
Filename
6523859