Title :
Network traffic behavior analysis by decomposition into control and data planes
Author :
AsSadhan, Basil ; Kim, Hyong ; Moura, José M F ; Wang, Xiaohui
Author_Institution :
Electr. & Comput. Eng. Dept., Carnegie Mellon Univ., Pittsburgh, PA
Abstract :
In this paper, we analyze network traffic behavior by decomposing header traffic into control and data planes to study the relationship between the two planes. By computing the cross-correlation between the control and data traffic, we observe a general 'similar' behavior between the two planes during normal behavior, and that this similarity is affected during abnormal behaviors. This allows us to focus on abnormal changes in network traffic behavior. We test our approach on the Network Intrusion Dataset provided by the Information Exploration Shootout (IES) project and the 1999 DARPA Intrusion Detection Evaluation Dataset from the MIT Lincoln Lab. We find that TCP control and data traffic have high correlation levels during benign normal applications. This correlation is reduced when attacks that affect the aggregate traffic are present in the two datasets.
Keywords :
computer networks; security of data; telecommunication security; telecommunication traffic; transport protocols; TCP control; computer network intrusion detection; cross-correlation function; data traffic; network traffic behavior analysis; Aggregates; Communication system traffic control; Computer networks; Data engineering; Data security; Detectors; Intrusion detection; Telecommunication traffic; Testing; Traffic control; Network traffic analysis; abnormal behavior; anomaly detection; cross-correlation function; long-range dependence;
Conference_Title :
Parallel and Distributed Processing, 2008. IPDPS 2008. IEEE International Symposium on
Conference_Location :
Miami, FL
Print_ISBN :
978-1-4244-1693-6
Electronic_ISBN :
1530-2075
DOI :
10.1109/IPDPS.2008.4536559