A novel packet header visualization methodology for network anomaly detection

This paper presents a novel methodology for visualizing network traffic. Methods of transforming network packet header data into images are proposed. These methods can be used for real-time anomaly detection and intrusion detection. Images can be processed in a number of ways to extract information from them, so this formulation enables image-processing techniques to be applied to the analysis of packet header data to reveal interesting properties of traffic. Network anomaly detection systems can also benefit from these processes. These methods can help detect anomalies efficiently and can serve as the basis of a number of new anomaly detection methods. An analysis and comparison of the generated images is also presented. Images of network traces are generated using the MIT Lincoln Laboratory 1999 DARPA Off-Line Intrusion Detection Evaluation dataset. Our focus here is to develop an innovative technique for network packet header visualization that will highlight the features of the network data most vulnerable to intrusions.
