A PCA analysis of daily unwanted traffic

Kensuke Fukuda, Toshio Hirotsu, Osamu Akashi, Toshiharu Sugawara

Research output: Conference contribution

8 Citations (Scopus)

Abstract

This paper investigates the macroscopic behavior of unwanted traffic (e.g., virus, worm, backscatter of (D)DoS or misconfiguration) passing through the Internet. The data set we used consists of unwanted packets measured at a /18 darknet in Japan from Oct. 2006 to Apr. 2009, a period that included the recent Conficker outbreak. The traffic behavior is quantified by the entropy of ten packet features (e.g., 5-tuple). Then, we apply PCA (principal component analysis) to a ten-dimensional entropy time series matrix to obtain a suitable representation of unwanted traffic. PCA is a well-known and well-studied method for finding normal and anomalous behaviors in Internet backbone traffic; however, few studies have applied it to darknet traffic. We first demonstrate the highly variable nature of the entropy time series for the ten packet features. Next, we show that the top four principal components are sufficient to describe the original traffic behavior. In particular, the first component can be interpreted as the type of unwanted traffic (i.e., worm/virus or scanning), and the second one as the difference in communication patterns (e.g., one-to-many or many-to-one). Those two components account for 63.8% of the original data set in terms of the total variance. On the other hand, the outliers in the higher components indicate the presence of specific anomalies, although most of the data mapped to these components have less variability. Furthermore, we show that the scatter plot of the first and second principal component scores provides us with a better view of the macroscopic unwanted traffic behavior.

Original language: English
Title of host publication: 24th IEEE International Conference on Advanced Information Networking and Applications, AINA 2010
Pages: 377-384
Number of pages: 8
DOI
Publication status: Published - 2010-07-12
Event: 24th IEEE International Conference on Advanced Information Networking and Applications, AINA2010 - Perth, WA, Australia
Duration: 2010-04-20 to 2010-04-23

Publication series

Name: Proceedings - International Conference on Advanced Information Networking and Applications, AINA
ISSN (Print): 1550-445X

Conference

Conference: 24th IEEE International Conference on Advanced Information Networking and Applications, AINA2010
Country: Australia
City: Perth, WA
Period: 2010-04-20 to 2010-04-23

ASJC Scopus subject areas

  • Engineering (all)
