论文信息 - An intrusion alarming system based on self-similarity of network traffic

An intrusion alarming system based on self-similarity of network traffic

Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessarily and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.

Chen Yu-feng | Yu Fei | Zhu Miao-liang | Li Ren-fa | Xu Cheng

[1] Walter Willinger,et al. On the Self-Similar Nature of Ethernet Traffic ( extended version ) , 1995 .

[2] J. F. McClary,et al. NADIR: An automated system for detecting network intrusion and misuse , 1993, Comput. Secur..

[3] Udo W. Pooch,et al. Cooperating security managers: a peer-based intrusion detection system , 1996, IEEE Netw..

[4] Azer Bestavros,et al. Self-similarity in World Wide Web traffic: evidence and possible causes , 1996, SIGMETRICS '96.

[5] Stephanie Forrest,et al. Infect Recognize Destroy , 1996 .

[6] E CrovellaMark,et al. Self-similarity in World Wide Web traffic , 1996 .

[7] Azer Bestavros,et al. Self-similarity in World Wide Web traffic: evidence and possible causes , 1997, TNET.

[8] Walter Willinger,et al. On the self-similar nature of Ethernet traffic , 1993, SIGCOMM '93.