论文信息 - Loss of self-similarity detection with second order statistical model and multi-level aggregation approach

Loss of self-similarity detection with second order statistical model and multi-level aggregation approach

Abstract Recent studies have shown that malicious packets introduce distribution error and perturb the self-similarity property of network traffic. As a result loss of self-similarity (LoSS) is detected. Previous works on LoSS detection estimate the self-similarity parameter mostly at normal fixed sampling rate such as 10ms or 100ms. However, this is not sufficient to expose the distribution error of self-similarity model effectively hence increases the false alarm rate detection. This paper proposes a multi-level sampling (MLS) approach for self-similarity parameter estimation in order to increase the accuracy of LoSS detection performance. The proposed method defines LoSS with Second Order Self-similarity Statistical (SOSS) model and estimates the self-similarity parameter using the Optimization Method (OM). The method has been tested using simulation of Fractional Gaussian Noise (FGN) traces and FSKSMNet datasets. The simulation results demonstrate that by comparing normal fixed sampling at 100ms with MLS approach, the accuracy of LoSS detection has been increased from 50% to 100% for malicious traces and from none to 17% for legal Internet traffic traces.

Ali Selamat | Houssain Kettani | Mohd Aizaini Maarof | Mohd Foâ€™ad Rohani

[1] Walter Willinger,et al. Experimental queueing analysis with long-range dependent packet traffic , 1996, TNET.

[2] Anja Feldmann,et al. The changing nature of network traffic: scaling phenomena , 1998, CCRV.

[3] Mark E. Crovella,et al. Effect of traffic self-similarity on network performance , 1997, Other Conferences.

[4] G.A. Marin,et al. The LoSS Technique for Detecting New Denial of Service Attacks , 2004, IEEE SoutheastCon, 2004. Proceedings..

[5] Azer Bestavros,et al. Self-similarity in World Wide Web traffic: evidence and possible causes , 1997, TNET.

[6] Murad S. Taqqu,et al. On the Self-Similar Nature of Ethernet Traffic , 1993, SIGCOMM.

[7] Sally Floyd,et al. Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[8] W. Schleifer,et al. Online error detection through observation of traffic self-similarity , 2001 .

[9] Houssain Kettani,et al. A novel approach to the estimation of the long-range dependence parameter , 2006, IEEE Transactions on Circuits and Systems II: Express Briefs.

[10] R G Clegg,et al. A decade of Internet research — advances in models and practices , 2005 .

[11] M. A. Maarof,et al. Iterative Window Size Estimation on Self-Similarity Measurement for Network Traffic Anomaly Detection , 2004 .