DocumentCode :
3128262
Title :
Communication patterns based detection of anomalous network traffic
Author :
Le, Do Quoc ; Jeong, Taeyeol ; Roman, H. Eduardo ; Hong, James Won-Ki
Author_Institution :
Div. of IT Convergence Eng., Pohang Univ. of Sci. & Technol. (POSTECH), Pohang, South Korea
fYear :
2012
fDate :
11-14 June 2012
Firstpage :
185
Lastpage :
185
Abstract :
We propose a novel approach to detect anomalous network traffic by analyzing communication patterns in time series. The method is based on graph theory concepts such as degree distribution and maximum degree, and we introduce the new concept of dK-2 distance [1]. In our approach, we use traffic dispersion graphs (TDGs) to extract communication structure [2]. By analyzing differences of TDG graphs in time series we are able to detect anomalous events such as botnet command and control communications, which cannot be identified by using volume-based approaches or flows/packets counters. We evaluate our approach with the 1999 DARPA intrusion detection data set and the network trace from POSTECH in July 2009.
Keywords :
computer network security; graph theory; telecommunication traffic; DDoS attacks; TDG graphs; anomalous network traffic detection; botnet command-and-control communications; communication patterns based detection; communication structure extraction; dK-2 distance; degree distribution concept; graph theory concepts; maximum degree concept; network security; time series; traffic dispersion graphs; Computer crime; Dispersion; Intrusion detection; Measurement; Protocols; Telecommunication traffic; Time series analysis; DDoS attacks; anomalous traffic detection; network security; traffic dispersion graph;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics (ISI), 2012 IEEE International Conference on
Conference_Location :
Arlington, VA
Print_ISBN :
978-1-4673-2105-1
Type :
conf
DOI :
10.1109/ISI.2012.6284297
Filename :
6284297