An approach for detecting anomalies by assessing the inter-arrival time of UDP packets and flows using Benford´s law

In this paper, from the perspective of Benford´s law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford´s law is an empirical law that describes the distribution of first digits in series of numbers in natural phenomena. We claim that Benford´s law describes the inter-arrival time of UDP packets and flows in normal traffic of networks. As a result, any significant anomaly in UDP packets and flows including deliberate intrusions, unwanted errors or in general, network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In a recent work, the relationship between Weibull distribution and Benford´s law was studied. In another work, the compliance of the inter-arrival time of UDP packets and flows from Weibull distribution is presented. In this paper, we have proposed a method for using Benford´s law for detecting anomalies in inter-arrival time of UDP packets and flows. The proposed method can detect the UDP Flood attack with high detection rate.