A method of detecting network anomalies in cyclic traffic

Shigeaki Harada, Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Haruhisa Hasegawa, Hideaki Yoshino

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large-volume traffic, such as traffic for network operations, and finally considers it to be legitimate.

Original language: English
Title of host publication: 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Pages: 2057-2061
Number of pages: 5
DOIs
Publication status: Published - 2008 Dec 1
Externally published: Yes
Event: 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA, United States
Duration: 2008 Nov 30 → 2008 Dec 4

Publication series

Name: GLOBECOM - IEEE Global Telecommunications Conference

Conference

Conference: 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Country: United States
City: New Orleans, LA
Period: 08/11/30 → 08/12/4

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

    Harada, S., Kawahara, R., Mori, T., Kamiyama, N., Hasegawa, H., & Yoshino, H. (2008). A method of detecting network anomalies in cyclic traffic. In 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 (pp. 2057-2061). [4698171] (GLOBECOM - IEEE Global Telecommunications Conference). https://doi.org/10.1109/GLOCOM.2008.ECP.396