Research of Real-Time anomaly detection based on network traffic sampling measurement

2 Author(s)
Zhou Yan-sen ; Dept. of Information Sci. & Technol., Univ. of Int. Relations, Beijing, China ; Pan Tian

Real-time anomaly detection is currently a hot topic in the area of network security research. In this paper, we first introduce the average length of data messages as the measurement of abnormal behavior, and then advance a model of sampling measurement, in which the stratified sampling algorithm based on content trigger is utilized to select the bits in the IP packet identification field as the sampling and mask's length and contents. The comparison between the statistical characteristics of the total message traffic and of the samples in a large-scale network decides whether the samples are precise and efficient. Based on the statistical characteristics of the samples and hypothesis testing theory, a real-time anomaly detection model is built. Lastly, the average length of network data packets is defined to be the measurement of network behavior, and we then successfully realize real-time detection of distributed denial-of-service attacks on the network. The methods and ideas in this paper could provide some meaningful advice for other network security detection research.

Published in:

Computer Science and Network Technology (ICCSNT), 2011 International Conference on (Volume: 4)

Date of Conference:

24-26 Dec. 2011
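
The detection idea in the abstract, as an added Python example that is not the authors' code: packets are sampled by matching masked bits of the IP identification field, and a hypothesis test on the sampled mean packet length decides whether a window is anomalous. The mask, trigger pattern, threshold, the choice of a one-sample z-test and the constructed traffic are all assumptions, since the abstract does not specify them.

```python
# Added example (not from the paper): mask-based sampling on the IP ID field,
# then a z-test on the sampled mean packet length. All constants are assumptions.
import math
import statistics

MASK, PATTERN = 0x000F, 0x0003   # assumed: low 4 ID bits must equal 3 (~1/16 rate)
Z_CRIT = 3.29                    # assumed: two-sided test at about alpha = 0.001
MIN_SAMPLES = 30                 # assumed: below this the normal approximation is weak

def sample_lengths(packets):
    """Return lengths of packets whose masked IP ID matches the trigger pattern."""
    return [length for ip_id, length in packets if ip_id & MASK == PATTERN]

def learn_baseline(packets):
    """Mean and standard deviation of packet length over known-good traffic."""
    lengths = [length for _, length in packets]
    return statistics.mean(lengths), statistics.pstdev(lengths)

def check_window(packets, mu0, sigma0):
    """H0: the window's mean length equals mu0. Returns (flagged, z, n)."""
    sampled = sample_lengths(packets)
    n = len(sampled)
    if n < MIN_SAMPLES:
        return False, None, n    # too few samples to decide either way
    z = (statistics.mean(sampled) - mu0) / (sigma0 / math.sqrt(n))
    return abs(z) > Z_CRIT, z, n

# --- constructed traffic: (ip_id, total_length) pairs, not captured data ---
NORMAL_CYCLE = [40, 1500, 576, 1500, 52, 1200, 1500]

def normal_window(n, first_id=0):
    """Ordinary mix of small and full-size packets with sequential IDs."""
    return [((first_id + i) & 0xFFFF, NORMAL_CYCLE[i % 7]) for i in range(n)]

def flood_window(n, first_id=0):
    """Same mix, but two of every three packets are 40-byte flood packets."""
    return [((first_id + i) & 0xFFFF,
             NORMAL_CYCLE[(i // 3) % 7] if i % 3 == 0 else 40) for i in range(n)]

if __name__ == "__main__":
    mu0, sigma0 = learn_baseline(normal_window(1120))
    for name, win in (("normal", normal_window(1120, 5000)),
                      ("flood", flood_window(1120, 5000))):
        flagged, z, n = check_window(win, mu0, sigma0)
        print(f"{name}: sampled={n} z={z:.2f} flagged={flagged}")
```

Only about one packet in sixteen is inspected, yet the drop in mean length caused by the small flood packets is large enough for the test to reject the baseline hypothesis.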