Detecting network attacks in the Internet via statistical network traffic normality prediction
Document Type
Article
Publication Date
3-1-2004
Abstract
The information technology advances that provide new capabilities to network users and providers also provide powerful new tools for network intruders who intend to launch attacks on critical information resources. In this paper we present a novel network attack diagnostic methodology, based on the characterization of the dynamic statistical properties of normal network traffic. This gives the ability to detect network anomalies and attacks as unacceptable when significant deviations from the expected behavior occur. Specifically, to provide an accurate identification of the normal network traffic behavior, we first develop an anomaly-tolerant nonstationary traffic prediction technique that is capable of removing both single-pulse and continuous anomalies. Furthermore, we introduce and design dynamic thresholds, where we define adaptive anomaly violation conditions as a combined function of both the magnitude and the duration of the traffic deviations. Finally, numerical results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach in the presence of different attacks, such as mail-bombing attacks and UDP flooding attacks.
Identifier
3543088029 (Scopus)
Publication Title
Journal of Network and Systems Management
External Full Text Location
https://doi.org/10.1023/B:JONS.0000015698.32353.61
ISSN
10647570
First Page
51
Last Page
72
Issue
1
Volume
12
Recommended Citation
Jiang, Jun and Papavassiliou, Symeon, "Detecting network attacks in the Internet via statistical network traffic normality prediction" (2004). Faculty Publications. 20417.
https://digitalcommons.njit.edu/fac_pubs/20417
