Anomaly detection of network traffic based on the largest Lyapunov exponent

Author

Xiong, Wei ; Hu, Hanping ; Yang, Yue ; Wang, Qian

Author_Institution

Inst. of Pattern Recognition & AI, Huazhong Univ. of Sci. & Technol., Wuhan, China

Volume

4

fYear

2010

fDate

27-29 March 2010

Firstpage

581

Lastpage

585

Abstract

A Real-time and reliable detection of anomalies is an important and challenging task. Unlike most detection methods based on the statistical analysis of the packet headers (Such as IP addresses and ports), we propose a new nonlinear approach only using network traffic volumes to detect anomalies reliably. Our method is based on the largest Lyapunov exponent and the change-point detection theory to judge whether anomalies have happened. In details, the largest Lyapunov exponents of normal and anomaly data fluctuate slightly respectively while those of the overlapped data composed of them fluctuate greatly because the dynamic structure of data has changed. Experimental results on network traffic volumes transformed from 1999 DARPA intrusion evaluation data set show that this method can more effectively detect network anomalies contrast to a linear method.

Keywords

statistical analysis; telecommunication traffic; DARPA intrusion evaluation; Lyapunov exponent; anomaly detection; change-point detection theory; network traffic; packet headers; statistical analysis; Availability; Chaos; Delay estimation; Fluctuations; Information security; Intrusion detection; Monitoring; Pattern recognition; Telecommunication traffic; Time series analysis; Largest Lyapunov exponent; anomaly detection; network traffic volume;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Computer Control (ICACC), 2010 2nd International Conference on

Conference_Location

Shenyang

Print_ISBN

978-1-4244-5845-5

Type

conf

DOI

10.1109/ICACC.2010.5486934

Filename

5486934