A flow analysis for mining traffic anomalies

Yoshiki Kanda, Kensuke Fukuda, Toshiharu Sugawara

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    11 Citations (Scopus)

    Abstract

    Although analyzing anomalous network traffic behavior is a popular research topic, few studies have been undertaken on the analysis of communication pattern per host based on their flows to characterize the anomalous Internet traffic. This paper discusses the possibility of using a flow-based communication pattern per host as a metric to identify anomalies. The key idea underlining our method is that scanning worm-infected hosts reveal the intrinsic characteristics of host's communication pattern and such patterns are distinguishable from those of other hosts. In particular, we found that scanning of worm-infected hosts that generated a lot of flows revealed the intrinsic communication pattern and the pattern could be classified from those of other hosts by k-means clustering.We also found that our flow-based metric could isolate the anomalies that have little influence upon the volumetric information of traffic and flow as "lines", which is remarkable in that the hosts that caused the hidden anomalies were mined out.

    Original languageEnglish
    Title of host publicationIEEE International Conference on Communications
    DOIs
    Publication statusPublished - 2010
    Event2010 IEEE International Conference on Communications, ICC 2010 - Cape Town
    Duration: 2010 May 232010 May 27

    Other

    Other2010 IEEE International Conference on Communications, ICC 2010
    CityCape Town
    Period10/5/2310/5/27

      Fingerprint

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering
    • Computer Networks and Communications

    Cite this

    Kanda, Y., Fukuda, K., & Sugawara, T. (2010). A flow analysis for mining traffic anomalies. In IEEE International Conference on Communications [5502463] https://doi.org/10.1109/ICC.2010.5502463