A framework for detection of traffic anomalies based on IP aggregation

Marat Zhanikeev*, Yoshiaki Tanaka

*Corresponding author for this work

Research output: Article, peer-reviewed

1 citation (Scopus)

Abstract

Traditional traffic analysis can be performed online only when detection targets are well specified and are fairly primitive. Local processing at the measurement point is discouraged as it would considerably affect major functionality of a network device. When traffic is analyzed at flow level, the notion of flow timeout generates differences in flow lifespan and impedes unbiased monitoring, where only n-top flows ordered by a certain metric are considered. This paper proposes an alternative manner of traffic analysis based on source IP aggregation. The method uses flows as basic building blocks but ignores timeouts, using short monitoring intervals instead. Multidimensional space of metrics obtained through IP aggregation, however, enhances capabilities of traffic analysis by facilitating detection of various anomalous conditions in traffic simultaneously.

Original language: English
Pages (from-to): 16-23
Number of pages: 8
Journal: IEICE Transactions on Information and Systems
Volume: E92-D
Issue number: 1
DOI
Publication status: Published - 2009

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence
