Title :
Research of Real-Time anomaly detection based on network traffic sampling measurement
Author :
Zhou Yan-sen ; Pan Tian
Author_Institution :
Dept. of Information Sci. & Technol., Univ. of Int. Relations, Beijing, China
Abstract :
Real-time anomaly detection is currently a hot topic in network security research. In this paper, we first introduce the average length of data messages as the measurement of abnormal behavior, and then propose a sampling measurement model in which a stratified sampling algorithm based on content trigger is used to select the bits in the IP packet identification field as the sampling and mask's length and contents. A comparison between the statistical characteristics of the total message traffic and of the samples in a large-scale network determines whether the samples are precise and efficient. Based on the statistical characteristics of the samples and hypothesis testing theory, a real-time anomaly detection model is built. Lastly, the average length of network data packets is defined as the measurement of network behavior, and we successfully realize real-time detection of distributed denial-of-service attacks on the network. The methods and ideas in this paper could provide meaningful guidance for other network security detection research.
Keywords :
IP networks; sampling methods; telecommunication security; telecommunication traffic; IP packet identification; data message average length; distributed denial-of-service attack; large-scale network; network data packet; network security detection; network traffic sampling measurement; real-time anomaly detection; statistic character; Artificial intelligence; Real time systems; anomaly behavior; average length; behavior metric; sampling measurement; smoothing window;
Conference_Title :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
DOI :
10.1109/ICCSNT.2011.6182462