Nederlands
Contact
Sitemap
Search
OrganisationEEMCS EPrints Service
 |
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
Sperotto, A. and Sadre, R. and Pras, A.
(2008)
Anomaly Characterization in Flow-Based Traffic Time Series.
In: 8th IEEE International Workshop on IP Operations and Management, IPOM 2008, 22-26 September 2008, Samos, Greece.
pp. 15-27.
Lecture Notes in Computer Science 5275/2008.
Springer Verlag.
ISSN 1611-3349
ISBN 978-3-540-87356-3
Full text available as:
Official URL: http://dx.doi.org/10.1007/978-3-540-87357-0_2  AbstractThe increasing number of network attacks causes growing problems for network operators and users. Not only do these attacks pose direct security threats to our infrastructure, but they may also lead to service degradation, due to the massive traffic volume variations that are possible during such attacks. The recent spread of Gbps network technology made the problem of detecting these attacks harder, since existing packet-based monitoring and intrusion detection systems do not scale well to Gigabit speeds. Therefore the attention of the scientific community is shifting towards the possible use of aggregated traffic metrics. The goal of this paper is to investigate how malicious traffic can be characterized on the basis of such aggregated metrics, in particular by using flow, packet and byte frequency variations over time. The contribution of this paper is that it shows, based on a number of real case studies on high-speed networks, that all three metrics may be necessary for proper time series anomaly characterization.
Export this item as: To correct this item please ask your editor Repository Staff Only: edit this item |
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
|
|
|
|
|
||||||||||||||||||||||||||||||||
|
|
|
||||||||||||||||||||||||||||||||||
