Traffic Analysis, Statistical Anomaly Detection
Abstract
In this paper, we evaluate the capability to detect traffic anomalies with Shewhart, CUSUM, and EWMA control charts. In order to cope with seasonal variation and serial correlation, control charts are not applied to traffic measurement time-series directly, but to the prediction errors of exponential smoothing and Holt-Winters forecasting. The evaluation relies on flow data collected in an ISP backbone network and shows that good detection results can be achieved with an appropriate choice and parametrization of the forecasting method and the control chart. On the other hand, the relevance of the detected anomalies for the network operator mainly depends on the monitored metrics and the selected parts of traffic.
Similar resources
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
Autonomous profile-based anomaly detection system using principal component analysis and flow analysis
Different techniques and methods have been widely used in the subject of automatic anomaly detection in computer networks. Attacks, problems and internal failures when not detected early may badly harm an entire Network system. Thus, an autonomous anomaly detection system based on the statistical method principal component analysis (PCA) is proposed. This approach creates a network profile call...
Anomaly Detection in Network Traffic: A Statistical Approach
A global Internet usage enlarge rate of 380% superior than the period from 2000, the year of the dot-com bubble burst, until present select that Internet technology has become a stand of our daily life. In the similar period, cyber-crime has seen an unbelievable to facilitate to create sophisticated protection device for computers and networks a complete necessity. Firewalls as the major protec...
Detecting Traffic Anomalies at the Source through aggregate analysis of packet header data
The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect the attacks, anomalies and to appropriately take action to contain the attacks before they have had time to propagate across the netw...
Traffic Scene Analysis using Hierarchical Sparse Topical Coding
Analyzing motion patterns in traffic videos can be exploited directly to generate high-level descriptions of the video contents. Such descriptions may further be employed in different traffic applications such as traffic phase detection and abnormal event detection. One of the most recent and successful unsupervised methods for complex traffic scene analysis is based on topic models. In this pa...
A Chi-square testing-based intrusion detection Model
The rapid growth of Internet malicious activities has become a major concern to network forensics and security community. With the increasing use of IT technologies for managing information there is a need for stronger intrusion detection mechanisms. Critical mission systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts ...