
F-TAD: Traffic Anomaly Detection for Sub-networks Using Fisher Linear Discriminant

3 Author(s)
Hyunhee Park ; Dept. of Electr. Eng., Korea Univ., Seoul, South Korea ; Meejoung Kim ; Chul-Hee Kang

Traffic anomaly detection is one of the most important technologies to consider in network security and administration. In this paper, we propose a traffic anomaly detection mechanism that includes traffic monitoring and traffic analysis. We develop an analytical system called WISE-Mon that inspects traffic behavior by monitoring and analyzing the traffic. We establish a criterion for detecting abnormal traffic by analyzing a training set of traffic and applying the Fisher linear discriminant method. By applying the properties of distributions such as the chi-square distribution and the normal distribution to the training set, we derive a hyperplane that enables detection of abnormal traffic. Since the trend of traffic can change as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider a self-learning algorithm that reflects the trend of traffic and so increases the accuracy of detection. The proposed mechanism is reliable for traffic anomaly detection and compatible with real-time detection. For the numerical results, we use a traffic set collected from a campus network. It shows that the proposed mechanism is reliable and accurate for detecting abnormal traffic. Furthermore, it is observed that the proposed mechanism can categorize a set of abnormal traffic into various malicious traffic subsets.

Published in:

Network and System Security, 2009. NSS '09. Third International Conference on

Date of Conference:

19-21 Oct. 2009
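
The following added example (not code from the paper or from WISE-Mon) sketches the idea the abstract describes: fit a Fisher linear discriminant hyperplane on labelled traffic windows, then refit it periodically as traffic drifts. The two features, all sample values, the midpoint threshold, and the `self_learn` update rule are assumptions; the paper derives its own criterion from chi-square and normal distribution properties, which this page does not reproduce.

```python
# Added illustration (not the paper's code): two-class Fisher linear discriminant.
# ASSUMPTIONS: features are (kilo-packets/s, distinct dst ports / 100) per window;
# all sample values are constructed; the midpoint threshold is a stand-in.

def dot(u, v):
    return u[0] * v[0] + u[1] * v[1]

def mean(rows):
    return [sum(r[i] for r in rows) / len(rows) for i in range(2)]

def scatter(rows, m):
    """Within-class scatter, sum of (x - m)(x - m)^T, returned as (xx, xy, yy)."""
    d = [(r[0] - m[0], r[1] - m[1]) for r in rows]
    return (sum(x * x for x, _ in d), sum(x * y for x, y in d), sum(y * y for _, y in d))

def fit(normal, abnormal):
    """Return (w, t): hyperplane normal w = Sw^-1 (m1 - m0) and threshold t."""
    m0, m1 = mean(normal), mean(abnormal)
    s0, s1 = scatter(normal, m0), scatter(abnormal, m1)
    a, b, d = s0[0] + s1[0], s0[1] + s1[1], s0[2] + s1[2]   # Sw = [[a, b], [b, d]]
    det = a * d - b * b
    if abs(det) < 1e-12:
        raise ValueError("singular within-class scatter: training set too uniform")
    dm = (m1[0] - m0[0], m1[1] - m0[1])
    w = ((d * dm[0] - b * dm[1]) / det, (a * dm[1] - b * dm[0]) / det)
    return w, 0.5 * (dot(w, m0) + dot(w, m1))

def is_abnormal(x, model):
    w, t = model
    return dot(w, x) > t   # the abnormal mean projects above t by construction

def self_learn(normal, abnormal, new_windows, model, keep=5):
    """Hypothetical periodic update: label new windows with the current model,
    keep the most recent `keep` samples per class, then refit the hyperplane."""
    for x in new_windows:
        (abnormal if is_abnormal(x, model) else normal).append(x)
    normal[:], abnormal[:] = normal[-keep:], abnormal[-keep:]
    return fit(normal, abnormal)

# Constructed training windows and a constructed drift in normal traffic.
NORMAL = [(1.0, 0.2), (1.2, 0.3), (0.9, 0.25), (1.1, 0.15), (1.3, 0.35)]
ABNORMAL = [(3.0, 2.0), (3.5, 2.4), (2.8, 1.7), (3.2, 2.2), (3.6, 1.9)]
DRIFT = [(1.6, 0.4), (1.7, 0.45), (1.5, 0.5)]

if __name__ == "__main__":
    normal, abnormal = list(NORMAL), list(ABNORMAL)
    model = fit(normal, abnormal)
    print("initial:", model, is_abnormal((3.1, 2.1), model))
    print("updated:", self_learn(normal, abnormal, DRIFT, model))
```

Because the update labels new windows with the current model, a slow, sustained shift in traffic can pull the boundary with it; bounding how far the threshold may move per update, or sampling self-labelled windows for review, limits that.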