Dynamic Modeling of Internet Traffic for Intrusion Detection
Computer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the specific objective of detecting UDP flooding attacks. NS simulation of HTTP, FTP, and CBR traffic shows that flooding attacks are accompanied by a c...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2007-01-01
|
| Series: | EURASIP Journal on Advances in Signal Processing |
| Online Access: | http://dx.doi.org/10.1155/2007/90312 |
| _version_ | 1819045017780486144 |
|---|---|
| author | Stephan Bohacek Khushboo Shah Edmond Jonckheere |
| author_facet | Stephan Bohacek Khushboo Shah Edmond Jonckheere |
| author_sort | Stephan Bohacek |
| collection | DOAJ |
| description | Computer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the specific objective of detecting UDP flooding attacks. NS simulation of HTTP, FTP, and CBR traffic shows that flooding attacks are accompanied by a change of mutual information, either at the link being flooded or at another upstream or downstream link. This observation appears to be topology independent, as the technique is demonstrated on the so-called parking-lot topology, random 50-node topology, and 100-node transit-stub topology. This technique is also employed to detect UDP flooding with low false alarm rate on a backbone link. These results indicate that a change in mutual information provides a useful detection criterion when no other signature of the attack is available. |
| first_indexed | 2024-12-21T10:21:53Z |
| format | Article |
| id | doaj.art-dd4d2f55a7fc4a88ab08f4b767958e44 |
| institution | Directory Open Access Journal |
| issn | 1687-6172 1687-6180 |
| language | English |
| last_indexed | 2024-12-21T10:21:53Z |
| publishDate | 2007-01-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | EURASIP Journal on Advances in Signal Processing |
| spelling | doaj.art-dd4d2f55a7fc4a88ab08f4b767958e442022-12-21T19:07:25ZengSpringerOpenEURASIP Journal on Advances in Signal Processing1687-61721687-61802007-01-01200710.1155/2007/90312Dynamic Modeling of Internet Traffic for Intrusion DetectionStephan BohacekKhushboo ShahEdmond JonckheereComputer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the specific objective of detecting UDP flooding attacks. NS simulation of HTTP, FTP, and CBR traffic shows that flooding attacks are accompanied by a change of mutual information, either at the link being flooded or at another upstream or downstream link. This observation appears to be topology independent, as the technique is demonstrated on the so-called parking-lot topology, random 50-node topology, and 100-node transit-stub topology. This technique is also employed to detect UDP flooding with low false alarm rate on a backbone link. These results indicate that a change in mutual information provides a useful detection criterion when no other signature of the attack is available.http://dx.doi.org/10.1155/2007/90312 |
| spellingShingle | Stephan Bohacek Khushboo Shah Edmond Jonckheere Dynamic Modeling of Internet Traffic for Intrusion Detection EURASIP Journal on Advances in Signal Processing |
| title | Dynamic Modeling of Internet Traffic for Intrusion Detection |
| title_full | Dynamic Modeling of Internet Traffic for Intrusion Detection |
| title_fullStr | Dynamic Modeling of Internet Traffic for Intrusion Detection |
| title_full_unstemmed | Dynamic Modeling of Internet Traffic for Intrusion Detection |
| title_short | Dynamic Modeling of Internet Traffic for Intrusion Detection |
| title_sort | dynamic modeling of internet traffic for intrusion detection |
| url | http://dx.doi.org/10.1155/2007/90312 |
| work_keys_str_mv | AT stephanbohacek dynamicmodelingofinternettrafficforintrusiondetection AT khushbooshah dynamicmodelingofinternettrafficforintrusiondetection AT edmondjonckheere dynamicmodelingofinternettrafficforintrusiondetection |