A Small-time Scale Netflow-based Anomaly Traffic Detecting Method Using MapReduce
Abstract
Anomaly traffic detection using Netflow data is one of the important problems in the field of network security. In this paper we propose an approach based on the MapReduce model. It detects anomalies at small time scales from the deviations, under anomalous conditions, of the entropy and of the DFN (distinct feature number) distribution of traffic features. MapReduce is used to process the huge volume of flow data on a computer cluster. Experimental results show the effectiveness of the proposed approach.
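The entropy and DFN computation the abstract describes, worked through as an added illustration (this is not the paper's code or data): each Netflow record is mapped to (window, feature) keys, a reducer turns the values collected under each key into a Shannon entropy and a distinct-value count (the DFN), and a window is flagged when either statistic deviates by more than a threshold from the median of the preceding windows. The 10 s window, the 0.5 relative-deviation threshold, the feature set and the flow records (a flat baseline plus one host probing 16 ports on a single target) are all constructed assumptions.

```python
"""Entropy / distinct-feature-number (DFN) anomaly detection over Netflow-like
records, written in MapReduce shape.  Illustrative example, not the paper's code."""
from collections import Counter, defaultdict
from math import log2
from statistics import median

WINDOW_SEC = 10                       # "small time scale": 10 s bins (assumption)
FEATURES = ("src_ip", "dst_ip", "dst_port")
THRESHOLD = 0.5                       # relative deviation that counts as anomalous (assumption)


def make_normal_window(window: int) -> list:
    """Constructed baseline: 8 flows spread evenly over 4 sources, 4 destinations, 4 ports."""
    return [
        (window * WINDOW_SEC + i,            # timestamp (s)
         f"10.0.0.{1 + i % 4}",              # src_ip
         f"192.168.1.{10 + (i * 3) % 4}",    # dst_ip
         (80, 443, 22, 53)[i % 4],           # dst_port
         5)                                  # packets
        for i in range(8)
    ]


def make_scan_window(window: int) -> list:
    """Constructed anomaly: the baseline plus one host probing 16 ports on one target."""
    base = window * WINDOW_SEC
    scan = [(base + i % WINDOW_SEC, "10.0.0.9", "192.168.1.10", 1000 + i, 1)
            for i in range(16)]
    return make_normal_window(window) + scan


# Three clean windows followed by one window containing a port scan.
FLOWS = (make_normal_window(0) + make_normal_window(1)
         + make_normal_window(2) + make_scan_window(3))


def mapper(flow):
    """Map phase: one Netflow record -> ((window, feature), value) pairs."""
    ts, src_ip, dst_ip, dst_port, _packets = flow
    window = ts // WINDOW_SEC
    values = {"src_ip": src_ip, "dst_ip": dst_ip, "dst_port": dst_port}
    for feature in FEATURES:
        yield (window, feature), values[feature]


def shannon_entropy(counts: Counter) -> float:
    """Shannon entropy (bits) of the empirical distribution in `counts`."""
    total = sum(counts.values())
    return -sum((c / total) * log2(c / total) for c in counts.values())


def reducer(key, values):
    """Reduce phase: all values of one feature in one window -> entropy and DFN."""
    counts = Counter(values)
    return key, {"entropy": shannon_entropy(counts), "dfn": len(counts)}


def run_mapreduce(flows):
    """Group mapper output by key (the shuffle), then reduce each key.

    Returns {window: {feature: {"entropy": float, "dfn": int}}}.
    """
    grouped = defaultdict(list)
    for flow in flows:
        for key, value in mapper(flow):
            grouped[key].append(value)
    stats = defaultdict(dict)
    for key, values in grouped.items():
        (window, feature), summary = reducer(key, values)
        stats[window][feature] = summary
    return dict(stats)


def detect(stats, threshold=THRESHOLD, history=3):
    """Flag windows whose entropy or DFN deviates from the median of the preceding windows.

    Returns a list of (window, [(feature, metric, relative_deviation), ...]).
    """
    alerts = []
    windows = sorted(stats)
    for idx, window in enumerate(windows):
        past = windows[max(0, idx - history):idx]
        if not past:                  # no baseline yet for the first window
            continue
        reasons = []
        for feature in FEATURES:
            for metric in ("entropy", "dfn"):
                baseline = median(stats[w][feature][metric] for w in past)
                current = stats[window][feature][metric]
                if baseline == 0:
                    continue
                deviation = (current - baseline) / baseline
                if abs(deviation) > threshold:
                    reasons.append((feature, metric, round(deviation, 2)))
        if reasons:
            alerts.append((window, reasons))
    return alerts


if __name__ == "__main__":
    for window, reasons in detect(run_mapreduce(FLOWS)):
        print(f"window {window}: {reasons}")
```

On the constructed data the scan window is the only alert, and it is raised on dst_port: its entropy roughly doubles and its DFN goes from 4 to 20, while src_ip entropy falls (one source dominates) but not past the 0.5 threshold. That asymmetry is the practical point of looking at both statistics: DFN grows with raw traffic volume, so it needs a per-feature threshold calibrated on normal load, whereas entropy is bounded by log2(DFN) and is less sensitive to volume alone. In a real cluster the shuffle distributes each (window, feature) key to a reducer, so the reducers never need the whole capture in memory.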
Similar references
Detecting Anomalies in Netflow Record Time Series by Using a Kernel Function
This paper presents current work for the detection of anomalies in Netflow records by leveraging a kernel function method. Netflow records are spatially aggregated over time, such that the designed kernel function can capture topological and quantitative changes in network traffic time series.
Graph-Based Traffic Analysis for Network Intrusion Detection
Hristo Djidjev, CCS-3; Gary Sandine, T-5. There are two main approaches to detecting malware and intrusion attacks in computer networks: signature-based and anomaly-based. The anomaly detection approach has the advantage that new types of attacks can be identified even before their signatures are discovered and catalogued. Our anomaly-based approach analyzes regular users' activity data from hist...
Large-scale IP network behavior anomaly detection and identification using substructure-based approach and multivariate time series mining
In this paper, a substructure-based network behavior anomaly detection approach called WFS (Weighted Frequent Subgraphs) is proposed to detect anomalies in large-scale IP networks. WFS examines an entire graph and reports its unusual substructures. Thanks to the additional information carried by the graph, anomalies can be detected more accurately. With...
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that depletes the bandwidth of victim nodes by flooding them with packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories: volumetric attacks, protocol attacks and application attacks. The volumetric attack, which the pro...
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...