Loading...
An empirical study on TCP flow interarrival time distribution for normal and anomalous traffic
Arshadi, L ; Sharif University of Technology
485
Viewed
- Type of Document: Article
- DOI: 10.1002/dac.2881
- Abstract:
- SUMMARY: In this paper, we study the effects of anomalies on the distribution of TCP flow interarrival time process. We show empirically that despite the variety of data networks in size, number of users, applications, and load, the interarrival times of normal flows comply with the Weibull distribution, whereas specific irregularities (anomalies) causes deviations from the distribution. We first estimate the scale and shape parameters and then check the discrepancy of the data from a Weibull distribution with the estimated parameters. We also utilize the Weibull counting model to recheck the conformance of small flow interarrival times with the distribution. We perform our experiments on a diverse variety of traffic data sets from backbone connections to endpoints of academic and commercial networks. Moreover, we propose a window-based anomaly detection method as a possible application of our findings in which we first estimate the Weibull parameters of interarrival times in each window and then check the discrepancy of the data with a Weibull distribution with the estimated parameters and set an alarm whenever the difference is significant. We apply this method on one of our data sets and present the results to clarify the idea and show its capability in detecting volume anomalies
- Keywords:
- Weibull counting model ; Parameter estimation ; Signal detection ; Anomaly detection ; Counting models ; Network traffic analysis ; SYN attacks ; TCP flows ; Weibull distribution
- Source: International Journal of Communication Systems ; 2015 ; 10745351 (ISSN)
- URL: http://onlinelibrary.wiley.com/doi/10.1002/dac.2881/abstract