Anomaly Characterization in Flow-Based Traffic Time Series

Anna Sperotto, Ramin Sadre, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    14 Citations (Scopus)
    6 Downloads (Pure)

    Abstract

    The increasing number of network attacks causes growing problems for network operators and users. Not only do these attacks pose direct security threats to our infrastructure, but they may also lead to service degradation, due to the massive traffic volume variations that are possible during such attacks. The recent spread of Gbps network technology made the problem of detecting these attacks harder, since existing packet-based monitoring and intrusion detection systems do not scale well to Gigabit speeds. Therefore the attention of the scientific community is shifting towards the possible use of aggregated traffic metrics. The goal of this paper is to investigate how malicious traffic can be characterized on the basis of such aggregated metrics, in particular by using flow, packet and byte frequency variations over time. The contribution of this paper is that it shows, based on a number of real case studies on high-speed networks, that all three metrics may be necessary for proper time series anomaly characterization.
    Original languageEnglish
    Title of host publicationIP Operations and Management
    Subtitle of host publication8th IEEE International Workshop, IPOM 2008, Samos Island, Greece, September 22-26, 2008. Proceedings
    EditorsNail Akar, Michal Pioro, Charalabos Skianis
    Place of PublicationBerlin
    PublisherSpringer
    Pages15-27
    Number of pages13
    ISBN (Electronic)978-3-540-87357-0
    ISBN (Print)978-3-540-87356-3
    DOIs
    Publication statusPublished - 25 Sep 2008
    Event8th IEEE International Workshop on IP Operations and Management, IPOM 2008 - Samos, Greece
    Duration: 22 Sep 200826 Sep 2008
    Conference number: 8

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer
    Volume5275
    ISSN (Print)1611-3349
    ISSN (Electronic)1611-3349

    Workshop

    Workshop8th IEEE International Workshop on IP Operations and Management, IPOM 2008
    Abbreviated titleIPOM
    CountryGreece
    CitySamos
    Period22/09/0826/09/08

    Keywords

    • EWI-13579
    • IR-62480
    • METIS-251219

    Fingerprint Dive into the research topics of 'Anomaly Characterization in Flow-Based Traffic Time Series'. Together they form a unique fingerprint.

    Cite this