Network anomaly detection using a cross‐correlation‐based long‐range dependence analysis
International Journal of Network Management (IF 1.5), Pub Date: 2020-07-30, DOI: 10.1002/nem.2129
Basil AsSadhan 1 , Abraham Alzoghaiby 2 , Hamad Binsalleeh 3 , Konstantinos G. Kyriakopoulos 4 , Sangarapillai Lambotharan 4

The detection of anomalies in network traffic is an important task in today's Internet. Among various anomaly detection methods, the techniques based on examination of the long‐range dependence (LRD) behavior of network traffic stand out as powerful. In this paper, we reveal anomalies in aggregated network traffic by examining the LRD behavior based on the cross‐correlation function of the bidirectional control and data plane traffic. Specifically, observing that the conventional cross‐correlation function has a low measure of dissimilarity between the two planes, which leads to reduced anomaly detection performance, we propose a modification of the cross‐correlation function to mitigate this issue. The performance of the proposed method is analyzed using relatively recent Internet traffic captured at King Saud University. The results demonstrate that the modified cross‐correlation function can detect low‐volume and short‐duration attacks. It also compensates for some misdetections exhibited by using the autocorrelation structures of the bidirectional traffic of the control, data, and WHOLE (combined control and data) planes.

Updated: 2020-07-30