Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
Network Traffic Analysis & Anomaly Detection based on Benford’s Law
Arshadi, Laleh | 2014
707
Viewed
- Type of Document: Ph.D. Dissertation
- Language: Farsi
- Document No: 46081 (19)
- University: Sharif University of Technology
- Department: Computer Enginnering Department
- Advisor(s): Jahangir, Amir Hossein
- Abstract:
- The attempt of this project is to propose a simple model for traffic analysis which eventually leads to the presentation of an online classifier for network traffic anomaly detection. In this research, e show empirically that despite the variety of data networks in size, number of users, applications, and load, the inter-arrival times of normal TCP flows comply with the Weibull distribution whereas specific irregularities (anomalies) causes deviations from the distribution. Consequently, any type of anomalies affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by analyzing the discrepancy of TCP flow inter-arrival times with this distribution. On the other hand, we analytically prove that a Weibull distributed random variable follows Benford's law, an empirical law that describes the distribution of leading digits in a collection of numbers met in naturally occurring phenomena. Therefore, we can easily substitute the Weibull conformance test with the less complicated first-digit test without loss of generality. Accordingly, we propose a window-based online classifier for network traffic anomaly detection method based on Benford’s law. Moreover, we show that network anomalies affect the entropy of TCP flow inter-arrival times; thereupon we propose another method for anomaly detection, more with the purpose of validating the first method. Finally we evaluate and compare the performance of both methods together and with two other anomaly detection methods presented recently in prestigious references
- Keywords:
- Anomaly Detection ; Entropy ; Network Traffic ; Weibull Distribution ; Benfords Law
Digital Object List-
محتواي کتاب - view
Bookmark