Network Anomaly Detection inside Consumer Networks—A Hybrid Approach
Electronics (IF 2.6), Pub Date: 2020-06-01, DOI: 10.3390/electronics9060923
Darsh Patel, Kathiravan Srinivasan, Chuan-Yu Chang, Takshi Gupta, Aman Kataria

With an increasing number of Internet of Things (IoT) devices in the digital world, the attack surface for consumer networks has been increasing exponentially. Most of the compromised devices are used as zombies for attacks such as Distributed Denial of Service (DDoS). Consumer networks, unlike most commercial networks, lack infrastructure such as managed switches and firewalls to easily monitor and block undesired network traffic. To counter this problem with limited resources, this article proposes a hybrid anomaly detection approach that detects irregularities in network traffic that implicate compromised devices, using only elementary network information such as packet size, source and destination ports, time between subsequent packets, and Transmission Control Protocol (TCP) flags. Essential features can be extracted from the available data, which can further be used to detect zero-day attacks. The paper also provides a taxonomy of approaches to classifying anomalies and a description of how to capture network packets inside consumer networks.

Updated: 2020-06-01