Network systems need to be able to detect malicious activity and characterize it so that proper actions may be taken. This need is clearly demonstrated by the observed growth rate of informational and economic damage caused by intentionally or unintentionally induced attacks, faults, defects, etc. Network traffic characterization needs to take place accurately and quickly, in real time, to facilitate prompt and appropriate action. Limits on computational and storage resources require ingenuity to effectively characterize constantly varying network traffic trends. This paper aims to study network traffic characterization by applying forecasting algorithms to network traffic data and attempting to characterize the aberrations. A series of network traffic anomalies is studied and explained; these explanations are then linked with each anomaly's unique characteristics to expose a set of conditions that distinguish the particular event. This characterization would provide a basis for appropriate responses to network activity.