DocumentCode
3080480
Title
Anomaly Detection Using Chi-square Values Based on the Typical Features and the Time Deviation
Author
Oshima, Shunsuke ; Nakashima, Takuo ; Sueyoshi, Toshinori
Author_Institution
ICT Center for Learning Support, Kumamoto Nat. Coll. of Technol., Kumamoto, Japan
fYear
2011
fDate
22-25 March 2011
Firstpage
97
Lastpage
104
Abstract
In research on anomaly detection systems that analyze packet headers on the Internet, previous studies have proposed anomaly detection systems using chi-square values in terms of the source IP address and/or the destination port number. In these previous studies, the chi-square values were calculated from a single feature, which degrades the false-positive rate when the same symbol appears sequentially. Therefore, we propose an anomaly detection technique using chi-square values based on multiple features. We also propose a dynamic BIN division technique to deal with traffic fluctuations such as differences between day and night traffic. With our method, the chi-square values based on the time division were able to decrease false positives. Our method was also able to adapt to traffic variations by applying the dynamic BIN division technique.
Keywords
security of data; statistical analysis; telecommunication security; telecommunication traffic; anomaly detection; chi-square values; dynamic BIN division technique; packet header; source IP address; time deviation; Computer crime; Entropy; Equations; IP networks; Internet; Mathematical model; Servers; DoS/DDoS detection; anomaly detection; chi-square value; statistical approach
fLanguage
English
Publisher
ieee
Conference_Titel
Advanced Information Networking and Applications (AINA), 2011 IEEE International Conference on
Conference_Location
Biopolis
ISSN
1550-445X
Print_ISBN
978-1-61284-313-1
Electronic_ISBN
1550-445X
Type
conf
DOI
10.1109/AINA.2011.54
Filename
5763111