Risk Leveling of Network Traffic Anomalies
Abstract
The goal of intrusion detection is to identify attempted or ongoing attacks on a computer system or network. Many attacks aim to compromise computer networks in an online manner. Traffic anomalies have been an important indication of such attacks. The challenges of detection lie in modeling large continuous streams of data and performing anomaly detection in an online manner. This paper presents a data mining technique to assess the risks of local anomalies based on a synopsis obtained from a global spatiotemporal modeling approach. The proposed model is proactive in the detection of various types of traffic-related attacks such as distributed denial of service (DDoS). It is incremental and scalable, and thus suitable for online processing. Algorithm analysis shows the time efficiency of the proposed technique. The experiments conducted with a DARPA dataset demonstrate that, compared with a frequency-based anomaly detection model, the false alarm rate caused by the proposed model is significantly mitigated without losing a high detection rate.
Similar resources
Urban network risk assessment using Fuzzy-AHP and TOPSIS in GIS environment
Risk assessment of urban network using traffic indicators determines vulnerable links with high danger of traffic incidents. Thus, determination of an appropriate methodology remains a big challenge to achieve this objective. This paper proposed a methodology based on data fusion concept using Fuzzy-AHP and TOPSIS to achieve this aim. The proposed methodology tries to overcome two main problems,...
Risk assessment of noise pollution by analyzing the level of sound loudness resulting from central traffic in Shiraz
Background: Today, the effects of environmental pollution on human life and human needs, which reduces the level of community health caused by traffic noise in large cities, are clearly visible by creating irritation and pathogenic conditions. The aim of this study was to assess the risk of noise pollution resulted from central traffic in Shiraz by analyzing its indicators and related componen...
Sub-Space Clustering, Inter-Clustering Results Association & Anomaly Correlation for Unsupervised Network Anomaly Detection
Network anomaly detection is a critical aspect of network management, for instance for QoS, security, etc. The continuous arising of new anomalies and attacks creates a continuous challenge to cope with events that put the network integrity at risk. Most network anomaly detection systems proposed so far employ a supervised strategy to accomplish the task, using either signature-based detection me...
A MATLAB® Toolkit for Spatial and Temporal Analysis of Network Traffic Anomalies and a Simulator/Emulator for Network Traffic Anomalies
An easily customizable toolkit used to reveal spatial and temporal properties of network traffic traces and a simulator/emulator that regenerates anomalies having statistically similar anomalies to real networks is developed. The analyzer toolkit is fed with network traces as inputs, and anomalies are identified along with their properties. The toolkit uses Fourier analysis to suppress prominen...
Traffic Anomaly Detection and Characterization in the Tunisian National University Network
Traffic anomalies are characterized by unusual and significant changes in a network traffic behavior. They can be malicious or unintentional. Malicious traffic anomalies can be caused by attacks, abusive network usage and worms or virus propagations. However, unintentional ones can be caused by failures, flash crowds or router misconfigurations. In this paper, we present an anomaly detection sys...