• DocumentCode
    1753645
  • Title

    Case study of an anomalous traffic detection on the aggregation points of enterprise network

  • Author

    Cho, Yoohee ; Kim, Yihan

  • Author_Institution
    KT Network R&D Lab., Daejeon, South Korea
  • fYear
    2011
  • fDate
    13-16 Feb. 2011
  • Firstpage
    1245
  • Lastpage
    1248
  • Abstract
    Our network infrastructure is exposed to persistent threats of DDoS and many unknown attacks. These threats threaten the availability of the ISP's network and services. This paper proposes a network-based anomalous traffic detection method and presents an anomalous traffic detection system, its architecture and main function blocks. Every five minutes, traffic information and security events are gathered in a central server, and newly arrived traffic is compared with the already generated baseline traffic. This approach explores anomalous traffic detection based on time series traffic modeling and analyzes traffic by time of day, day of week, and special days. To improve the accuracy of detection, we analyze flow information and security events. We developed an anomalous traffic detection system and deployed it on the aggregation points of an enterprise network.
  • Keywords
    business communication; computer networks; security of data; telecommunication security; telecommunication traffic; aggregation points; anomalous traffic detection; enterprise network; security events; time series traffic modeling; traffic information; Accuracy; Analytical models; IP networks; Internet; Monitoring; Security; Time series analysis; anomaly; intrusion detection; traffic monitoring;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology (ICACT), 2011 13th International Conference on
  • Conference_Location
    Seoul
  • ISSN
    1738-9445
  • Print_ISBN
    978-1-4244-8830-8
  • Type

    conf

  • Filename
    5746030