Abstract
This paper develops parametric methods to detect
network anomalies using only aggregate traffic statistics, in contrast to other
works requiring flow separation, even when the anomaly is a small fraction of
the total traffic. By adopting simple statistical models for anomalous and
background traffic in the time domain, one can estimate model parameters in
real time, thus obviating the need for a long training phase or manual
parameter tuning. The proposed bivariate parametric detection mechanism (bPDM)
uses a sequential probability ratio test, allowing for control over the false
positive rate while examining the tradeoff between detection time and the
strength of an anomaly. Additionally, it uses both traffic-rate and packet-size
statistics, yielding a bivariate model that eliminates most false positives.
The method is analyzed using the bit-rate signal-to-noise ratio (SNR) metric,
which is shown to be an effective metric for anomaly detection. The performance
of the bPDM is evaluated in three ways. First, synthetically generated traffic
provides for a controlled comparison of detection time as a function of the
anomalous level of traffic. Second, the approach is shown to be able to detect
controlled artificial attacks over the University of Southern California (USC),
Los Angeles, campus network in varying real traffic mixes. Third, the proposed
algorithm achieves rapid detection of real denial-of-service attacks as
determined by the replay of previously captured network traces. The method
developed in this paper is able to detect all attacks in these scenarios in a
few seconds or less.
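As an added illustration of the sequential probability ratio test described above, run over constructed per-second aggregate statistics (this is example code, not the paper's bPDM implementation): background rate and mean packet size are modelled as independent Gaussians whose parameters are estimated from a short warm-up window, the anomaly hypothesis is a constant extra stream of small packets, and the alarm threshold is set from the chosen false-positive rate alpha. The Gaussian models, the 64-byte flood size, alpha/beta and the traffic values are all assumptions made for this example.

```python
import math
import random

# Constructed aggregate traffic: per-second (packet rate, mean packet size) samples.
# Background is Gaussian in both dimensions (an assumption for this example, not
# necessarily the paper's model); an anomaly adds `extra_pps` small packets per second.
def make_trace(seconds, attack_start, extra_pps, seed, atk_bytes=64):
    rng = random.Random(seed)
    rates, sizes = [], []
    for t in range(seconds):
        r_bg = rng.gauss(1000.0, 50.0)   # background packets/s
        s_bg = rng.gauss(600.0, 40.0)    # background mean bytes/packet
        e = extra_pps if t >= attack_start else 0.0
        rates.append(r_bg + e)
        # mixing a flood of small packets into the aggregate pulls the mean size down
        sizes.append((r_bg * s_bg + e * atk_bytes) / (r_bg + e))
    return rates, sizes

def mean_std(xs):
    m = sum(xs) / len(xs)
    return m, math.sqrt(sum((x - m) ** 2 for x in xs) / (len(xs) - 1))

def gauss_llr(x, mu0, mu1, sigma):
    """log p1(x)/p0(x) for two Gaussians that share sigma and differ in mean."""
    return ((x - mu0) ** 2 - (x - mu1) ** 2) / (2.0 * sigma ** 2)

def sprt_detect(rates, sizes, warmup, h_pps, alpha=1e-5, beta=0.05, atk_bytes=64):
    """Bivariate SPRT. Background parameters come from the first `warmup` samples
    (no long training phase); H1 is 'h_pps extra small packets per second'.
    Returns the index of the first sample at which H1 is accepted, or None."""
    mr, sr = mean_std(rates[:warmup])
    ms, ss = mean_std(sizes[:warmup])
    mr1 = mr + h_pps                                     # rate under H1
    ms1 = (mr * ms + h_pps * atk_bytes) / (mr + h_pps)   # mean size under H1
    upper = math.log((1 - beta) / alpha)   # crossing it accepts H1: raise alarm
    lower = math.log(beta / (1 - alpha))   # crossing it accepts H0: restart test
    llr = 0.0
    for t in range(warmup, len(rates)):
        llr += gauss_llr(rates[t], mr, mr1, sr) + gauss_llr(sizes[t], ms, ms1, ss)
        if llr >= upper:
            return t
        if llr <= lower:
            llr = 0.0
    return None

def detection_delay(extra_pps, seed=7, attack_start=90, warmup=60):
    """Seconds from anomaly onset to alarm (None if no alarm is ever raised)."""
    rates, sizes = make_trace(150, attack_start, extra_pps, seed)
    t = sprt_detect(rates, sizes, warmup, h_pps=100)
    return None if t is None else t - attack_start

if __name__ == "__main__":
    for e in (0, 150, 500):   # no anomaly, weak anomaly, strong anomaly
        print(f"extra {e:3d} pps -> detection delay {detection_delay(e)}")
```

The weak anomaly (150 pps on a 1000 pps background) takes a few one-second samples to cross the threshold while the strong one is caught almost immediately, which is the detection-time versus anomaly-strength tradeoff the abstract refers to.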
Software Requirements
Java 1.5
Java Swing
SQL Server 2000
Windows XP
Hardware Requirements
Hard disk: 60 GB
RAM: 1 GB
Processor: P IV