论文信息 - Fractional Gaussian Noise: A Tool of Characterizing Traffic for Detection Purpose

Fractional Gaussian Noise: A Tool of Characterizing Traffic for Detection Purpose

Detecting signs of distributed denial-of-service (DDOS) flood attacks based on traffic time series analysis needs characterizing traffic series using a statistical model. The essential thing about this model should consistently characterize various types of traffic (such as TCP, UDP, IP, and OTHER) in the same order of magnitude of modeling accuracy. Our previous work [1] uses fractional Gaussian noise (FGN) as a tool for featuring traffic series for the purpose of reliable detection of signs of DDOS flood attacks. As a supplement of [1], this article gives experimental investigations to show that FGN can yet be used for modeling autocorrelation functions of various types network traffic (TCP, UDP, IP, OTHER) consistently in the sense that the modeling accuracy (expressed by mean square error) is in the order of magnitude of 10− − 3.

Ming Li | Chi-Hung Chi | Dongyang Long

[1] Walter Willinger,et al. Self-Similarity in High-Speed Packet Traffic: Analysis and Modeling of Ethernet Traffic Measurements , 1995 .

[2] V. Paxson,et al. WHERE MATHEMATICS MEETS THE INTERNET , 1998 .

[3] Wei Zhao,et al. Modeling autocorrelation functions of self-similar teletraffic in communication networks based on optimal approximation in Hilbert space , 2003 .

[4] Vern Paxson,et al. Fast, approximate synthesis of fractional Gaussian noise for generating self-similar network traffic , 1997, CCRV.

[5] Sally Floyd,et al. Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[6] Ming Li,et al. An approach to reliably identifying signs of DDOS flood attacks based on LRD traffic pattern recognition , 2004, Comput. Secur..

[7] A. Adas,et al. Traffic models in broadband networks , 1997, IEEE Commun. Mag..

[8] N.D. Georganas,et al. Self-Similar Processes in Communications Networks , 1998, IEEE Trans. Inf. Theory.

[9] Ming Li,et al. A correlation-based computational model for synthesizing long-range dependent data , 2003, J. Frankl. Inst..

[10] Jan Beran,et al. Statistics for long-memory processes , 1994 .

[11] Weijia Jia,et al. Correlation form of timestamp increment sequences of self-similar traffic on Ethernet , 2000 .

[12] A. Balakrishnan. Applied Functional Analysis , 1976 .

[13] H. Michiel,et al. Teletraffic engineering in a broad-band era , 1997, Proc. IEEE.