Title :
An ARP-based Anomaly Detection Algorithm Using Hidden Markov Model in Enterprise Networks
Author :
Yasami, Y. ; Farahmand, M. ; Zargari, V.
Author_Institution :
Tamin Co., Tehran
Abstract :
Network anomaly detection is an active research area. Behavior recognition of traffic is a process by which the ongoing observed behavior of a host is tracked and compared against a given model. Various methods for behavior recognition exist, but the incorporation of Hidden Markov Models (HMMs) for anomaly detection (ARP anomaly detection, especially) is a novel method. This paper aims at classifying network ARP traffic as abnormal or normal using a special HMM. The paper's main objective is to build a statistical anomaly detection system, a predictive model capable of discriminating between normal and abnormal behavior of network ARP traffic. The proposed method is unique in that, by applying a modified HMM, it presents a host-based ARP anomaly detection algorithm with very high accuracy. We applied the method in a real campus network and observed a precision of above 90%.
Keywords :
business communication; hidden Markov models; telecommunication traffic; ARP; anomaly detection algorithm; enterprise networks; hidden Markov model; statistical anomaly detection system; Access protocols; Backplanes; Complex networks; Detection algorithms; Hidden Markov models; IP networks; Packet switching; Switches; Telecommunication traffic; Traffic control; Address Resolution Protocol (ARP); Anomaly Detection; Hidden Markov Model (HMM)
Conference_Title :
Systems and Networks Communications, 2007. ICSNC 2007. Second International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
0-7695-2938-0
Electronic_ISBN :
978-0-7695-2938-7
DOI :
10.1109/ICSNC.2007.15