Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
- Type of Document: Article
- DOI: 10.1016/j.jnca.2013.09.007
- Abstract:
- In this paper, we analyze the Internet traffic from a different point of view based on Benford's law, an empirical law that describes the distribution of leading digits in a collection of numbers met in naturally occurring phenomena. We claim that Benford's law holds for the inter-arrival times of TCP flows in case of normal traffic. Consequently, any type of anomalies affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by investigating the first-digit distributions of the inter-arrival times of TCP SYN packets. In this paper we apply our findings to the detection of intentional attacks, and leave other types of anomalies for future works. We support our claim with related researches that indicate the TCP flow inter-arrival times can be modeled by Weibull distribution with shape parameter less than 1, and show the relation between Weibull distributed data and Benford's law. Finally, we validate our findings on real traffic and achieve encouraging results
- Keywords:
- Computer network traffic analysis ; Weibull distribution ; Anomaly detection ; Benford's law ; Distributed data ; Intentional Attacks ; Inter-arrival time ; Naturally occurring ; Network traffic analysis ; Shape parameters ; Internet
- Source: Journal of Network and Computer Applications ; Vol. 40, issue. 1 , April , 2014 , p. 194-205
- URL: http://www.sciencedirect.com/science/article/pii/S1084804513001951