A Network Traffic Supervision System Based on Feature Parameters Distribution

Most existing network traffic supervision systems focus only on traffic volume, so much of the information contained in this data source is left unmined. To address this, this paper uses entropy to capture changes in the distribution of network traffic feature parameters such as source IP, destination IP and destination port, and analyses the traffic from that point of view. Detecting anomalies through changes in the feature parameter distribution differs from previous methods, which pay more attention to traffic volume, and it can capture small-scale anomalies that leave the volume unchanged. Finally, we use this method to implement such a supervision system; the experimental results show that a system that analyses both the volume and the feature parameter distribution of traffic has a higher detection rate and a lower false-alarm rate.
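The detection idea the abstract describes, as an added Python example that is not the paper's own code: per time window it computes the Shannon entropy of the source IP, destination IP and destination port distributions alongside the flow count, learns a per-feature mean and standard deviation from windows assumed to be normal, and raises an alarm on any feature whose z-score exceeds a threshold. The flow records, address ranges, port mix, window sizes, the z-score rule and the threshold are all constructed assumptions for illustration; the paper does not specify them. A port scan at normal volume is the kind of small-scale anomaly that volume alone misses but the entropy features catch, while a flood is caught by both.

```python
import math
import random
from collections import Counter

# A flow record is a constructed (src_ip, dst_ip, dst_port) tuple; FEATURES
# names the tuple positions. None of this is data from the paper.
FEATURES = ("src_ip", "dst_ip", "dst_port")


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def window_features(flows):
    """Volume plus the entropy of each feature parameter for one time window."""
    feats = {"volume": float(len(flows))}
    for i, name in enumerate(FEATURES):
        feats[name] = shannon_entropy([f[i] for f in flows])
    return feats


def build_baseline(windows):
    """Per-feature (mean, std) over windows believed to be normal traffic."""
    feats = [window_features(w) for w in windows]
    baseline = {}
    for key in feats[0]:
        xs = [f[key] for f in feats]
        mean = sum(xs) / len(xs)
        var = sum((x - mean) ** 2 for x in xs) / len(xs)
        # Floor the std so a feature that never varied in training cannot
        # divide by zero; a deployment would pick this floor deliberately.
        baseline[key] = (mean, max(math.sqrt(var), 1e-9))
    return baseline


def detect(window, baseline, threshold=3.0):
    """Return {feature: z-score} for every feature beyond `threshold` sigmas.

    An empty dict means the window looks like the baseline in both volume
    and feature parameter distribution.
    """
    feats = window_features(window)
    alarms = {}
    for key, (mean, std) in baseline.items():
        z = (feats[key] - mean) / std
        if abs(z) > threshold:
            alarms[key] = round(z, 1)
    return alarms


# --- constructed traffic generators (assumed shapes, not measured data) ---

def normal_window(rng):
    """150-250 flows: 40 clients, 10 servers with skewed popularity, 5 ports."""
    clients = [f"10.0.{i // 256}.{i % 256}" for i in range(40)]
    servers = [f"192.0.2.{i}" for i in range(10)]
    ports = [80, 443, 53, 22, 25]
    n = rng.randint(150, 250)
    return [(rng.choice(clients),
             rng.choices(servers, weights=[5, 4, 3, 2, 2, 1, 1, 1, 1, 1])[0],
             rng.choices(ports, weights=[6, 5, 3, 1, 1])[0])
            for _ in range(n)]


def port_scan_window():
    """One host probing 200 ports on one server: the same volume as a normal
    window, so a volume-only monitor sees nothing, but src/dst IP entropy
    collapse to 0 and dst port entropy jumps to log2(200)."""
    return [("203.0.113.7", "192.0.2.1", p) for p in range(1, 201)]


def ddos_window():
    """2000 spoofed sources flooding one service: volume and src IP entropy
    both rise, dst IP and dst port entropy collapse."""
    return [(f"172.16.{i // 256}.{i % 256}", "192.0.2.1", 80)
            for i in range(2000)]


def run_demo(seed=1, threshold=3.0):
    """Train on 40 constructed normal windows, then score three test windows."""
    rng = random.Random(seed)
    baseline = build_baseline([normal_window(rng) for _ in range(40)])
    return {
        "normal": detect(normal_window(rng), baseline, threshold),
        "port_scan": detect(port_scan_window(), baseline, threshold),
        "ddos": detect(ddos_window(), baseline, threshold),
    }


if __name__ == "__main__":
    for name, alarms in run_demo().items():
        print(f"{name:10s} alarms: {alarms or 'none'}")
```

The per-feature z-score is the simplest baseline model; the point the example makes is which features move. For the scan, `volume` stays quiet while all three entropy features alarm, which is exactly the case the abstract calls a small-scale anomaly. For the flood, `volume` alarms as well, so the combined system reports it twice over, and the sign of each entropy deviation (sources spread out, destination and port concentrate) already hints at what kind of event it is.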
