DocumentCode :
2075756
Title :
Spectrum analysis for detecting slow-paced persistent activities in network security
Author :
Li Ming Chen ; Meng Chang Chen ; Sun, Yeali S. ; Wanjiun Liao
Author_Institution :
Dept. of Electr. Eng., Nat. Taiwan Univ., Taipei, Taiwan
fYear :
2013
fDate :
9-13 June 2013
Firstpage :
1985
Lastpage :
1989
Abstract :
A slow-paced attack, such as a slow worm or bot, can remain undetectable indefinitely by slowing down the pace of its movement. Detecting slow attacks based on traditional anomaly detection techniques may yield high false alarm rates. Since attacks are usually controlled by pre-programmed computer codes, their behaviors have regularity. In this paper, we track outbound connections of hosts by using a time series. Although the correlation among slow attacks' connections is temporally weak, the regularity of these connections remains preserved in the time series. Accordingly, we focus on time series spectrum analysis, and propose a detection method to identify peculiar spectral patterns which can represent the occurrence of a recurring and persistent activity in the time domain. We use both synthesized traffic and real-world traffic to evaluate our method. The results show that our method is efficient and effective in detecting slow-paced persistent activities even in a noisy environment with legitimate traffic.
Keywords :
computer network security; telecommunication traffic; time series; anomaly detection techniques; high false alarm rates; legitimate traffic; network security; outbound connection tracking; peculiar spectral pattern identification; preprogrammed computer codes; real-world traffic; slow-paced attack detection; slow-paced persistent activity detection; synthesized traffic; time series spectrum analysis; Analytical models; Delays; Discrete Fourier transforms; Frequency-domain analysis; Grippers; Spectral analysis; Time series analysis; network security; persistent activity; slow attack; spectrum analysis; time series;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communications (ICC), 2013 IEEE International Conference on
Conference_Location :
Budapest
ISSN :
1550-3607
Type :
conf
DOI :
10.1109/ICC.2013.6654815
Filename :
6654815