We propose a novel approach to detect anomalous network traffic by analyzing communication patterns in time series. The method is based on graph theory concepts such as degree distribution and maximum degree, and we introduce the new concept of dK-2 distance [1]. In our approach, we use traffic dispersion graphs (TDGs) to extract communication structure [2]. By analyzing differences of TDG graphs in time series we are able to detect anomalous events such as botnet command and control communications, which cannot be identified by using volume-based approaches or flows/packets counters. We evaluate our approach with the 1999 DARPA intrusion detection data set and the network trace from POSTECH on July 2009. © 2012 IEEE.

Le, D., Jeong, T., Roman, H., Hong, J. (2012). Communication patterns based detection of anomalous network traffic. In ISI 2012 - 2012 IEEE International Conference on Intelligence and Security Informatics: Cyberspace, Border, and Immigration Securities (pp.185-185) [10.1109/ISI.2012.6284297].

Communication patterns based detection of anomalous network traffic

Roman H. E.;
2012

paper
anomalous traffic detection; DDoS attacks; network security; traffic dispersion graph
English
2012 10th IEEE International Conference on Intelligence and Security Informatics, ISI 2012
2012
ISI 2012 - 2012 IEEE International Conference on Intelligence and Security Informatics: Cyberspace, Border, and Immigration Securities
978-1-4673-2104-4
2012
185
185
6284297
none

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10281/326666