Detecting Correlated Anomalous Flows using the Equilibrium Property
Abstract
We have empirically observed that the average volume change across flows is close to zero in links carrying a large enough number of flows. This flow equilibrium property holds if the flows are nearly independent, and it is violated by traffic changes caused by several, potentially small, correlated flows. Many traffic anomalies fit this description, including scans, DDoS attacks, and routing shifts. Based on this observation, we exploit equilibrium to design a detection method for correlated anomalous flows. Our method identifies a qualitatively different set of anomalies compared with statistical techniques based on volume and entropy. It has two features that make it more practical than previously proposed methods: (1) it does not require a learning phase from time series data and (2) it provides an estimate of the volume of traffic involved in an anomaly.
Similar resources
Separation Between Anomalous Targets and Background Based on the Decomposition of Reduced Dimension Hyperspectral Image
The application of anomaly detection has been given a special place among the different processings of hyperspectral images. Nowadays, many of the methods only use background information to detect between anomaly pixels and background. Due to noise and the presence of anomaly pixels in the background, the assumption of the specific statistical distribution of the background, as well as the co...
Correlations Between Quiescent Ports in Network Flows
TCP/IP ports which are not in regular use (quiescent ports) can show surges in activity for several reasons. Two examples include the discovery of a vulnerability in an unused (but still present) network service or a new backdoor which runs on an unassigned or obsolete port. Identifying this anomalous activity can be a challenge, however, due to the ever-present background of vertical scanning,...
Periodically correlated and multivariate symmetric stable processes related to periodic and cyclic flows
In this work we introduce and study discrete time periodically correlated stable processes and multivariate stationary stable processes related to periodic and cyclic flows. Our study involves producing a spectral representation and a spectral identification for such processes. We show that the third component of a periodically correlated stable process has a component related to a...
Unique Equilibrium States for Flows and Homeomorphisms with Non-uniform Structure
Using an approach due to Bowen, Franco showed that continuous expansive flows with specification have unique equilibrium states for potentials with the Bowen property. We show that this conclusion remains true using weaker non-uniform versions of specification, expansivity, and the Bowen property. We also establish a corresponding result for homeomorphisms. In the homeomorphism case, we obtain ...
Existence results for equilibrium problems under strong sign property
This paper concerns equilibrium problems in real metric linear spaces. Considering a modified notion of upper sign property for bifunctions, we obtain the relationship between the solution sets of the local Minty equilibrium problem and the equilibrium problem, where the technical conditions on $f$ used in the literature are relaxed. The KKM technique is used to generalize and unify some exist...
Publication date: 2008