• DocumentCode
    265677
  • Title
    Network anomaly detection using autonomous system flow aggregates
  • Author
    Johnson, Thienne ; Lazos, Loukas
  • Author_Institution
    Dept. of Electr. & Comput. Eng., Univ. of Arizona, Tucson, AZ, USA
  • fYear
    2014
  • fDate
    8-12 Dec. 2014
  • Firstpage
    544
  • Lastpage
    550
  • Abstract
    Detecting malicious traffic streams in modern computer networks is a challenging task due to the growing traffic volume that must be analyzed. Traditional anomaly detection systems based on packet inspection face a scalability problem in terms of computational and storage capacity. One solution to this scalability problem is to analyze traffic based on IP flow aggregates. However, IP aggregates can still result in prohibitively large datasets for networks with heavy traffic loads. In this paper, we investigate whether anomaly detection is still possible when traffic is aggregated at a coarser scale. We propose a volumetric analysis methodology that aggregates traffic at the Autonomous System (AS) level. We show that our methodology reduces the number of flows to be analyzed by several orders of magnitude compared with IP flow level analysis, while still detecting traffic anomalies.
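    The methodology the abstract describes, as an added toy example (not the paper's code): IP-level flow records are mapped to origin ASes by longest-prefix match against a routing table, collapsed into per-AS-pair byte counts, and a per-pair volume baseline learned from a training window is compared against a live window. The prefix-to-ASN table (RFC 5737 documentation prefixes mapped to RFC 6996 private-use ASNs), the flow records, and the multiple-of-baseline detection rule with its `factor` and `min_bytes` parameters are all constructed here for illustration; the paper's actual detector and thresholds are not reproduced.

```python
"""AS-level flow aggregation and volumetric anomaly detection (added toy example).

Not the paper's code. Assumptions: ROUTES is a constructed prefix->ASN table
standing in for a BGP routing table; flows are constructed NetFlow-style
(src_ip, dst_ip, bytes) tuples; the detector is a simple per-AS-pair
multiple-of-baseline rule, chosen for illustration only.
"""
import ipaddress
from collections import defaultdict

# Constructed routing table: documentation prefixes (RFC 5737) mapped to
# private-use ASNs (RFC 6996). The /25 overlaps the /24 to exercise
# longest-prefix matching.
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "203.0.113.0/24": 64502,
    "203.0.113.128/25": 64503,
}
_ROUTE_TABLE = sorted(
    ((ipaddress.ip_network(p), asn) for p, asn in ROUTES.items()),
    key=lambda entry: entry[0].prefixlen,
    reverse=True,  # most specific prefix first
)


def ip_to_asn(ip):
    """Longest-prefix match of an IP against ROUTES; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    for net, asn in _ROUTE_TABLE:
        if addr in net:
            return asn
    return None


def aggregate_by_as(flows):
    """Collapse IP-level flows into {(src_asn, dst_asn): total_bytes}."""
    agg = defaultdict(int)
    for src, dst, nbytes in flows:
        src_asn, dst_asn = ip_to_asn(src), ip_to_asn(dst)
        if src_asn is None or dst_asn is None:
            continue  # unrouted address: dropped here; a real system would count it
        agg[(src_asn, dst_asn)] += nbytes
    return dict(agg)


def ip_flow_count(flows):
    """Number of distinct (src_ip, dst_ip) keys, i.e. the IP-level working set."""
    return len({(src, dst) for src, dst, _ in flows})


def detect_volume_anomalies(baseline, window, factor=5.0, min_bytes=10_000):
    """Flag AS pairs whose window volume exceeds factor * baseline (a pair
    absent from the baseline counts as baseline 0). Returns
    {pair: (baseline_bytes, window_bytes)}."""
    anomalies = {}
    for pair, volume in window.items():
        base = baseline.get(pair, 0)
        if volume >= min_bytes and volume > factor * base:
            anomalies[pair] = (base, volume)
    return anomalies


def make_flows(src_prefix, dst_prefix, n, nbytes):
    """Constructed flows: n distinct hosts in src_prefix -> one host in dst_prefix."""
    hosts = list(ipaddress.ip_network(src_prefix).hosts())
    dst = str(ipaddress.ip_network(dst_prefix)[10])
    return [(str(hosts[i % len(hosts)]), dst, nbytes) for i in range(n)]


# Constructed "training" window: ordinary inter-AS traffic.
TRAINING_FLOWS = (
    make_flows("192.0.2.0/24", "203.0.113.0/24", 20, 1500)
    + make_flows("198.51.100.0/24", "203.0.113.128/25", 10, 2000)
    + make_flows("192.0.2.0/24", "198.51.100.0/24", 5, 1000)
)
# Constructed "live" window: same background plus a 200-source flood from
# AS 64500 toward one host in AS 64502.
LIVE_FLOWS = TRAINING_FLOWS + make_flows("192.0.2.0/24", "203.0.113.0/24", 200, 1500)


def run_example():
    """Aggregate both windows and return the key-count reduction and the alerts."""
    baseline = aggregate_by_as(TRAINING_FLOWS)
    live = aggregate_by_as(LIVE_FLOWS)
    return {
        "ip_keys": ip_flow_count(LIVE_FLOWS),
        "as_keys": len(live),
        "anomalies": detect_volume_anomalies(baseline, live),
    }


if __name__ == "__main__":
    result = run_example()
    print(f"IP-level keys: {result['ip_keys']}, AS-level keys: {result['as_keys']}")
    for pair, (base, vol) in result["anomalies"].items():
        print(f"AS{pair[0]} -> AS{pair[1]}: baseline {base} B, window {vol} B")
```

    On this constructed input the live window has 215 distinct IP-level (src, dst) keys but only 3 AS-level keys, and the flood surfaces as a single AS 64500 -> AS 64502 pair at 11x its baseline volume. The flip side, which a practitioner should keep in mind, is that anything that does not move the per-pair volume (a low-rate scan spread across many sources, or traffic between hosts inside one AS, which maps to a same-AS pair) is invisible at this granularity.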
  • Keywords
    IP networks; computational complexity; computer network security; telecommunication traffic; AS level; IP flow aggregation; autonomous system flow aggregation; coarser scale; computational capacity; computer network; malicious traffic stream detection; network anomaly detection; packet inspection; volumetric analysis methodology; Aggregates; IP networks; Logic gates; Measurement; Monitoring; Training; Training data
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Global Communications Conference (GLOBECOM), 2014 IEEE
  • Conference_Location
    Austin, TX
  • Type
    conf
  • DOI
    10.1109/GLOCOM.2014.7036864
  • Filename
    7036864