Title :
An Anomaly Detection and Analysis Method for Network Traffic Based on Correlation Coefficient Matrix
Author :
Chen, Ning ; Chen, Xiao-Su ; Xiong, Bing ; Lu, Hong-Wei
Author_Institution :
Sch. of Comput. Secience & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Based on TCP protocol, this paper aims at TCP flows, discusses the effects of multivariate correlation analysis on network traffic, obtains the quantitative relationship between different types of TCP packets in each time unit by correlation coefficient matrix, and finally proposes an anomaly detection and analysis method based on the correlation coefficient matrix. The experimental results show that our method can efficiently distinguish normal and abnormal traffic, and accurately detect and classify various anomaly behaviors (such as network scanning and DDoS attacks) in network traffic. The linear complexity of our method makes real-time detection and analysis practical.
Keywords :
computer networks; matrix algebra; security of data; telecommunication traffic; transport protocols; TCP packets; TCP protocol; anomaly analysis method; anomaly detection; correlation coefficient matrix; multivariate correlation analysis; network traffic; Computer crime; Computer networks; Computer vision; Computer worms; Digital forensics; Embedded computing; Large-scale systems; Protocols; Statistics; Telecommunication traffic; TCP flow; anomaly detection; correlation coefficient matrix; network anomaly;
Conference_Titel :
Scalable Computing and Communications; Eighth International Conference on Embedded Computing, 2009. SCALCOM-EMBEDDEDCOM'09. International Conference on
Conference_Location :
Dalian
Print_ISBN :
978-0-7695-3825-9
DOI :
10.1109/EmbeddedCom-ScalCom.2009.50
