Title :
MCST: Anomaly detection using feature stability for packet-level traffic
Author :
Zhang, Bin ; Yang, Jiahai ; Wu, Jianping ; Qin, Donghong ; Gao, Lei
Author_Institution :
Network Res. Center, Tsinghua Univ., Beijing, China
Abstract :
In this paper, we present a statistical analysis of six traffic features based on entropy and distinct feature number at the packet level, and we find that, although these traffic features are unstable and show seasonal patterns like traffic volume for a long period, they are stable and consistent with Gaussian distribution in a short time period. However, this equilibrium property will be violated by some anomalies. Based on this observation, we propose a Multi-dimensional Clustering method for Short-time scale Traffic(MCST) to classify abnormal and normal traffic. We compare our new method to the well known wavelet technique. The detection result on synthetic anomaly traffic shows MCST can better detect the low-rate attacks than wavelet-based method, and detection result on real traffic demonstrates that MCST can detect more anomalies with low false alarm rate.
Keywords :
Gaussian distribution; data communication; data mining; entropy; pattern clustering; security of data; telecommunication traffic; wavelet transforms; Gaussian distribution; anomaly detection; entropy; equilibrium property; false alarm rate; feature stability; multidimensional clustering method; packet level traffic feature; short time scale traffic; statistical analysis; traffic volume; wavelet technique; Data models; Educational institutions; Entropy; Feature extraction; Gaussian distribution; IP networks; Training;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific
Conference_Location :
Taipei
Print_ISBN :
978-1-4577-1668-3
DOI :
10.1109/APNOMS.2011.6077018
