DocumentCode :
3332249
Title :
Detection Network Anomalies Based on Packet and Flow Analysis
Author :
Wang Hong ; Gong Zhenghu ; Guan Qing ; Wang Baosheng
Author_Institution :
Sch. of Comput., Nat. Univ. of Defense Technol., Changsha
fYear :
2008
fDate :
13-18 April 2008
Firstpage :
497
Lastpage :
502
Abstract :
Anomalies generate vast amounts of bogus traffic, which can overwhelm the network and any attached hosts. Identifying traffic anomalies rapidly and accurately is critical to network stability and usefulness. Most papers focus on analyzing the volume of data or packets on the network. However, legitimate network traffic may be bursty or highly variable, rendering such naive approaches ineffective (Lakhina et al., 2005). We propose a novel method called MultiA to solve this problem. Rather than just looking at volumes of packets, MultiA intelligently adopts a multistage filter and information entropy to take into account the behavior of the network. MultiA is scalable, automated and self-training. We find this technique effectively identifies network traffic anomalies while avoiding a high false alarm rate.
Keywords :
computer networks; entropy; filtering theory; telecommunication security; telecommunication traffic; MultiA method; bogus traffic; flow analysis; information entropy; multistage filter; network anomaly detection; network stability; network traffic anomaly; packet analysis; Algorithm design and analysis; Fault detection; Information filtering; Intelligent networks; Signal analysis; Support vector machines; Telecommunication traffic; Testing; Traffic control; Wavelet analysis; anomaly detection; flow analysis; multistage filter;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Networking, 2008. ICN 2008. Seventh International Conference on
Conference_Location :
Cancun
Print_ISBN :
978-0-7695-3106-9
Electronic_ISBN :
978-0-7695-3106-9
Type :
conf
DOI :
10.1109/ICN.2008.83
Filename :
4498210