LoSS Detection Approach Based on ESOSS and ASOSS Models

This paper investigates loss of self-similarity (LoSS) detection performance using the exact and asymptotic second-order self-similarity (ESOSS and ASOSS) models. Previous work on LoSS detection has used the ESOSS model with fixed sampling, which we believe is insufficient to detect LoSS efficiently. In this work, we study two variables, the sampling level and the correlation lag, in order to improve LoSS detection accuracy. This is important when the ESOSS and ASOSS models are considered concurrently in the self-similarity parameter estimation method. We used the optimization method (OM) to estimate the self-similarity parameter value, since it was proven faster and more accurate than known methods in the literature. Our simulation results show that normal traffic behavior is not influenced by the sampling parameter. For abnormal traffic, however, LoSS detection accuracy is strongly affected by the values of sampling level and correlation lag used in the estimation.
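
The following is an added example, not code from the paper: it fits the ESOSS autocorrelation curve to a traffic series at a chosen sampling level m and correlation lag K, so the effect of both variables on the fitted Hurst parameter H and the fit error can be observed. A plain grid search stands in for the paper's optimizer, and the decision rule, the 1e-3 error limit, all function names and the pulse series are assumptions made for illustration.

```python
import random

def esoss_acf(k, h):
    """ESOSS model autocorrelation at lag k >= 1 for Hurst parameter h."""
    return 0.5 * ((k + 1) ** (2 * h) - 2 * k ** (2 * h) + (k - 1) ** (2 * h))

def aggregate(x, m):
    """Sampling level m: mean of each non-overlapping block of m samples."""
    return [sum(x[i:i + m]) / m for i in range(0, len(x) - m + 1, m)]

def sample_acf(x, max_lag):
    """Sample autocorrelation of x at lags 1..max_lag."""
    n, mean = len(x), sum(x) / len(x)
    d = [v - mean for v in x]
    var = sum(v * v for v in d)
    if var == 0:
        raise ValueError("constant series has no autocorrelation")
    return [sum(d[i] * d[i + k] for i in range(n - k)) / var
            for k in range(1, max_lag + 1)]

def fit_hurst(acf, steps=1000):
    """Return (H, error): the H on a grid in (0, 1) whose ESOSS curve is
    closest, in mean squared error, to the sample ACF."""
    best_h, best_err = None, float("inf")
    for s in range(1, steps):
        h = s / steps
        err = sum((esoss_acf(k, h) - r) ** 2
                  for k, r in enumerate(acf, start=1)) / len(acf)
        if err < best_err:
            best_h, best_err = h, err
    return best_h, best_err

def check_loss(x, m, max_lag, err_limit=1e-3):
    """Assumed rule: LoSS if H leaves [0.5, 1) or the fit error exceeds err_limit."""
    h, err = fit_hurst(sample_acf(aggregate(x, m), max_lag))
    return (not 0.5 <= h < 1.0) or err > err_limit, h, err

def constructed_pulse_series(n=8192, seed=1):
    """Constructed sample: packet counts with a period-8 on/off pulse plus noise."""
    rng = random.Random(seed)
    return [100 + (50 if i % 8 < 4 else -50) + rng.gauss(0, 10) for i in range(n)]

if __name__ == "__main__":
    series = constructed_pulse_series()
    for m in (1, 2, 8):
        for lag in (4, 8):
            flagged, h, err = check_loss(series, m, lag)
            print(f"m={m} K={lag} H={h:.3f} err={err:.2e} LoSS={flagged}")
```

At m=8 each block spans one full pulse period, so aggregation averages the pulse away and the fit error falls far below its m=1 value, which is one way a fixed sampling level can hide abnormal structure.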
