Detecting anomalous traffic using communication graphs

Keisuke Ishibashi, Tsuyoshi Kondoh, Shigeaki Harada, Tatsuya Mori, Ryoichi Kawahara, Shoichiro Asano

Research output: Paper, peer-reviewed

6 Citations (Scopus)

Abstract

We present a method to detect anomalies in a time series of inter-host communication patterns. There are many existing methods for anomaly detection in a time series of traffic volume data, such as the number of packets or bytes. However, there is no established method for detecting anomalies in a time series of communication patterns that can be represented as graphs. Extracting communication structure enables us to identify low-intensity anomalous network events, e.g., botnet command and control communications, which cannot be detected with conventional volume-based anomaly detection schemes. In this paper, we first define the similarity of two graphs, and then we present a method to detect any anomalous graph that has little similarity with other graphs. This method was evaluated with actual traffic data, and anomalous graphs in which new clusters appeared were detected.

Original language: English
Pages: 192-197
Number of pages: 6
Publication status: Published - 2010
Externally published: Yes
Event: World Telecommunications Congress 2010, WTC 2010 - Wien, Austria
Duration: 13 Sep 2010 to 14 Sep 2010

Conference

Conference: World Telecommunications Congress 2010, WTC 2010
Country/Territory: Austria
City: Wien
Period: 10/9/13 to 10/9/14

ASJC Scopus subject areas

  • Computer Networks and Communications
