Title :
Anomaly detection of network traffic based on the largest Lyapunov exponent
Author :
Xiong, Wei ; Hu, Hanping ; Yang, Yue ; Wang, Qian
Author_Institution :
Inst. of Pattern Recognition & AI, Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Real-time and reliable detection of anomalies is an important and challenging task. Unlike most detection methods, which are based on statistical analysis of packet headers (such as IP addresses and ports), we propose a new nonlinear approach that uses only network traffic volumes to detect anomalies reliably. Our method is based on the largest Lyapunov exponent and change-point detection theory to judge whether anomalies have happened. In detail, the largest Lyapunov exponents of normal data and of anomalous data each fluctuate only slightly, while those of overlapped data composed of both fluctuate greatly because the dynamic structure of the data has changed. Experimental results on network traffic volumes transformed from the 1999 DARPA intrusion evaluation data set show that this method can detect network anomalies more effectively than a linear method.
Keywords :
statistical analysis; telecommunication traffic; DARPA intrusion evaluation; Lyapunov exponent; anomaly detection; change-point detection theory; network traffic; packet headers; statistical analysis; Availability; Chaos; Delay estimation; Fluctuations; Information security; Intrusion detection; Monitoring; Pattern recognition; Telecommunication traffic; Time series analysis; Largest Lyapunov exponent; anomaly detection; network traffic volume;
Conference_Title :
Advanced Computer Control (ICACC), 2010 2nd International Conference on
Conference_Location :
Shenyang
Print_ISBN :
978-1-4244-5845-5
DOI :
10.1109/ICACC.2010.5486934