| Presentation | 2007-09-21 A method of detecting network anomalies for periodic traffic Shigeaki HARADA, Ryoichi KAWAHARA, Tatsuya MORI, Noriaki KAMIYAMA, Hideaki YOSHINO, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | We present a method of detecting network anomalies, such as DDoS attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiates suspicious traffic. In this paper, we focus on periodic traffic which have daily cycle and/or weekly cycle, and we show that the accuracy of differentiation is improved using such periodic tendency in anomaly detection. Our method differentiates suspicious traffic that have different statistical characteristics from normal traffic. At the same time, our method learns periodic large-volume traffic, such as operating traffic, and considers them as legitimate at the end. Therefore, our method has fewer false-positives than original methods which do not consider periodic tendency. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DDoS attack / Anomaly Detection / Periodic traffic / Kalman Filter / Hoeffding-Azuma inequality |
| Paper # | IN2007-59 |
| Date of Issue |
| Conference Information | |
| Committee | IN |
|---|---|
| Conference Date | 2007/9/13(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Networks (IN) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A method of detecting network anomalies for periodic traffic |
| Sub Title (in English) | |
| Keyword(1) | DDoS attack |
| Keyword(2) | Anomaly Detection |
| Keyword(3) | Periodic traffic |
| Keyword(4) | Kalman Filter |
| Keyword(5) | Hoeffding-Azuma inequality |
| 1st Author's Name | Shigeaki HARADA |
| 1st Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation() |
| 2nd Author's Name | Ryoichi KAWAHARA |
| 2nd Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| 3rd Author's Name | Tatsuya MORI |
| 3rd Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| 4th Author's Name | Noriaki KAMIYAMA |
| 4th Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| 5th Author's Name | Hideaki YOSHINO |
| 5th Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| Date | 2007-09-21 |
| Paper # | IN2007-59 |
| Volume (vol) | vol.107 |
| Number (no) | 222 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |