This is a Demo Server. Data inside this system is only for test purpose.
 

Anomaly detection using network traffic characterization

No Thumbnail Available

Date

2009

Journal Title

Journal ISSN

Volume Title

Publisher

Izmir Institute of Technology
Izmir Institute of Technology

Open Access Color

Green Open Access

Yes

OpenAIRE Downloads

OpenAIRE Views

Publicly Funded

No

Research Projects

Organizational Units

Journal Issue

Abstract

Detecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.

Description

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009
Includes bibliographical references (leaves: 63-66)
Text in English Abstract: Turkish and English
ix, 80 leaves

Keywords

Matematik, Network security, Network flow problems, Computer Engineering and Computer Science and Control, Mathematics, Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrol

Turkish CoHE Thesis Center URL

Fields of Science

Citation

WoS Q

Scopus Q

Source

Volume

Issue

Start Page

End Page

Collections