• DocumentCode
    2509526
  • Title

    An Anomaly Detection and Analysis Method for Network Traffic Based on Correlation Coefficient Matrix

  • Author

    Chen, Ning ; Chen, Xiao-Su ; Xiong, Bing ; Lu, Hong-Wei

  • Author_Institution
    Sch. of Comput. Science & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
  • fYear
    2009
  • fDate
    25-27 Sept. 2009
  • Firstpage
    238
  • Lastpage
    244
  • Abstract
    Based on the TCP protocol, this paper focuses on TCP flows, discusses the effects of multivariate correlation analysis on network traffic, obtains the quantitative relationship between different types of TCP packets in each time unit by means of a correlation coefficient matrix, and finally proposes an anomaly detection and analysis method based on the correlation coefficient matrix. The experimental results show that our method can efficiently distinguish normal from abnormal traffic, and accurately detect and classify various anomalous behaviors (such as network scanning and DDoS attacks) in network traffic. The linear complexity of our method makes real-time detection and analysis practical.
  • Keywords
    computer networks; matrix algebra; security of data; telecommunication traffic; transport protocols; TCP packets; TCP protocol; anomaly analysis method; anomaly detection; correlation coefficient matrix; multivariate correlation analysis; network traffic; Computer crime; Computer networks; Computer vision; Computer worms; Digital forensics; Embedded computing; Large-scale systems; Protocols; Statistics; Telecommunication traffic; TCP flow; anomaly detection; correlation coefficient matrix; network anomaly;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Scalable Computing and Communications; Eighth International Conference on Embedded Computing, 2009. SCALCOM-EMBEDDEDCOM'09. International Conference on
  • Conference_Location
    Dalian
  • Print_ISBN
    978-0-7695-3825-9
  • Type

    conf

  • DOI
    10.1109/EmbeddedCom-ScalCom.2009.50
  • Filename
    5341523