Computers & Security, 29(7), 737–755p. (2010) DOI:10.1016/j.cose.2010.05.002

Network anomaly detection through nonlinear analysis

F. Palmieri, U. Fiore

Nowadays every network is susceptible on a daily basis to a significant number of different threats and attacks both from the inside and outside world. Some attacks only exploit system vulnerabilities and their traffic pattern is undistinguishable from normal behavior, but in many cases the attack mechanisms combine protocol or OS tampering activity with a specific traffic pattern having its own particular characteristics. Since these traffic anomalies are now conceived as a structural part of the overall network traffic, it is more and more important to automatically detect, classify and identify them in order to react promptly and adequately. In this work we present a novel approach to network-based anomaly detection based on the analysis of non-stationary properties and "hidden" recurrence patterns occurring in the aggregated IP traffic flows. In the observation of the above transition patterns for detecting anomalous behaviors, we adopted recurrence quantification analysis, a nonlinear technique widely used in many science fields to explore the hidden dynamics and time correlations of statistical time series. Our model demonstrated to be effective for providing a deterministic interpretation of recurrence patterns originated by the complex traffic dynamics observable during the occurrence of "noisy" network anomaly phenomena (characterized by measurable variations in the statistical properties of the traffic time series), and hence for developing qualitative and quantitative observations that can be reliably used in detecting such events.

back


Creative Commons License © 2017 SOME RIGHTS RESERVED
The content of this web site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.0 Germany License.

Please note: The abstracts of the bibliography database may underly other copyrights.

Ihr Browser versucht gerade eine Seite aus dem sogenannten Internet auszudrucken. Das Internet ist ein weltweites Netzwerk von Computern, das den Menschen ganz neue Möglichkeiten der Kommunikation bietet.

Da Politiker im Regelfall von neuen Dingen nichts verstehen, halten wir es für notwendig, sie davor zu schützen. Dies ist im beidseitigen Interesse, da unnötige Angstzustände bei Ihnen verhindert werden, ebenso wie es uns vor profilierungs- und machtsüchtigen Politikern schützt.

Sollten Sie der Meinung sein, dass Sie diese Internetseite dennoch sehen sollten, so können Sie jederzeit durch normalen Gebrauch eines Internetbrowsers darauf zugreifen. Dazu sind aber minimale Computerkenntnisse erforderlich. Sollten Sie diese nicht haben, vergessen Sie einfach dieses Internet und lassen uns in Ruhe.

Die Umgehung dieser Ausdrucksperre ist nach §95a UrhG verboten.

Mehr Informationen unter www.politiker-stopp.de.