Title :
Case study of an anomalous traffic detection on the aggregation points of enterprise network
Author :
Cho, Yoohee ; Kim, Yihan
Author_Institution :
KT Network R&D Lab., Daejeon, South Korea
Abstract :
Our network infrastructure is exposed to persistent threats of DDoS and many unknown attacks. These threats threaten the availability of ISP´s network and services. This paper proposes network-based anomalous traffic detection method and presents an anomalous traffic detection system, its architecture and main function blocks. Every five minutes, traffic information and security events are gathered in a central server and new arrival traffic is compared with the already generated baseline traffic. This approach is exploring an anomalous traffic detection based on time series traffic modeling and analyzing traffic by time of day, day of week, and special days. To improve the accuracy of detection, we analyze flow information and security events. We developed an anomalous traffic detection system and deployed on the aggregation points of enterprise network.
Keywords :
business communication; computer networks; security of data; telecommunication security; telecommunication traffic; aggregation points; anomalous traffic detection; enterprise network; security events; time series traffic modeling; traffic information; Accuracy; Analytical models; IP networks; Internet; Monitoring; Security; Time series analysis; anomaly; intrusion detection; traffic monitoring;
Conference_Titel :
Advanced Communication Technology (ICACT), 2011 13th International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-8830-8
