Title :
Detecting anomalies in network traffic using the method of remaining elements
Author :
Velarde-Alvarado, P. ; Vargas-Rosales, C. ; Torres-Roman, D. ; Martinez-Herrera, A.
Author_Institution :
Autonomous Univ. of Nayarit, Nayarit
fDate :
6/1/2009 12:00:00 AM
Abstract :
Attacks, such as port scans, DDoS and worms, threaten the functionality and reliability of IP networks. Early and accurate detection is crucial to mitigate their impact. We use the Method of Remaining Elements (MRE) to detect anomalies based on the characterization of traffic features through a proportional uncertainty measure. MRE has the functionality and performance to detect abnormal behavior and serve as the foundation for next generation network intrusion detection systems.
Keywords :
IP networks; security of data; telecommunication network management; telecommunication security; telecommunication traffic; IP network attack; network intrusion detection; network traffic anomaly; remaining elements; Entropy; Feature extraction; IP networks; Intelligent networks; Intrusion detection; Measurement uncertainty; Next generation networking; Telecommunication traffic; Time measurement; Upper bound; Anomaly detection; traffic anomalies; entropy based intrusion detection
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2009.090689