DocumentCode
2882800
Title
Anomalies in network traffic
Author
Ratner, Alan S. ; Kelly, Patrick
Author_Institution
Inf. Syst., Cyber Solutions Division, Northrop Grumman, Annapolis Junction, MD, USA
fYear
2013
fDate
4-7 June 2013
Firstpage
206
Lastpage
208
Abstract
We report the results of a search for anomalies in network traffic. Our data set consisted of two billion packets collected over four days at the gateways of our large corporate network. Analysis of the distributions of the packet metadata fields (IP addresses, ports, time-to-live and packet length) revealed anomalous activity including IP scans, port scans and hybrid scans as well as coordinated and synchronous activity. Analysis of such large amounts of data can be onerous; the use of Apache Hadoop to implement reliable, scalable, distributed computing enabled us to perform our computations rapidly on a small cluster of servers.
Keywords
IP networks; distributed processing; internetworking; intranets; public domain software; telecommunication traffic; Apache Hadoop; IP addresses; IP scans; anomalous activity; anomaly search; coordinated activity; corporate network; distributed computing; gateways; hybrid scans; network traffic; packet length; packet metadata field distribution analysis; port scans; reliable Apache; scalable computing; server cluster; synchronous activity; time-to-live; Entropy; IP networks; Internet; Logic gates; Ports (Computers); Telecommunication traffic; Hadoop; IP networks; anomalous behavior; network defense;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on
Conference_Location
Seattle, WA
Print_ISBN
978-1-4673-6214-6
Type
conf
DOI
10.1109/ISI.2013.6578820
Filename
6578820