Analysis of the Impact of Intensive Attacks on the Self-Similarity Degree of the Network Traffic

Research on using self-similarity for intrusion detection is not unfounded: the scaling properties seem to partially define the very nature of aggregated traffic, and may become a differentiating factor in the presence of an anomaly. This paper explains how intensive network attacks can be injected into simulated traffic traces, and then analyzes those traces using a fast windowed version of the Variance Time (VT) estimator, optimized to estimate the self-similarity degree in a point-by-point manner. The estimator is also applied to a trace from the well-known Massachusetts Institute of Technology / Defense Advanced Research Projects Agency (MIT/DARPA) data set, leading to the conclusion that, during an attack, the insertion of a constant component may induce a significant increase in the local-scope self-similarity degree, which may be used to raise suspicion of malicious activity and trigger further monitoring mechanisms.
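
The effect described in the abstract, as an added example that is not the paper's code or its optimized estimator: a plain Variance-Time estimate recomputed per sliding window over a constructed trace. The i.i.d. Gaussian background, the attack interval, the 0.85 threshold and all function names are assumptions made for this illustration.

```python
import math
import random
import statistics

def vt_hurst(x, levels=(1, 2, 4, 8, 16, 32, 64)):
    """Variance-Time estimate: Var(X^(m)) ~ m^(2H-2), so H = 1 + slope/2."""
    xs, ys = [], []
    for m in levels:
        # Aggregate into non-overlapping block means of size m.
        blocks = [sum(x[i:i + m]) / m for i in range(0, len(x) - m + 1, m)]
        var = max(statistics.variance(blocks), 1e-12)  # guard log(0) on flat input
        xs.append(math.log(m))
        ys.append(math.log(var))
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    # Least-squares slope of log-variance against log-aggregation level.
    slope = (sum((a - mx) * (b - my) for a, b in zip(xs, ys))
             / sum((a - mx) ** 2 for a in xs))
    return 1 + slope / 2

def windowed_hurst(trace, window=2048, step=512):
    """Return [(window_start, H)] for a window sliding over the trace."""
    return [(s, vt_hurst(trace[s:s + window]))
            for s in range(0, len(trace) - window + 1, step)]

def build_trace(n=8192, attack=(4096, 6144), extra=50.0, seed=7):
    """Constructed packets-per-interval trace: Gaussian background (assumed,
    H near 0.5) plus a constant component during the attack interval."""
    rng = random.Random(seed)
    return [rng.gauss(100.0, 10.0) + (extra if attack[0] <= t < attack[1] else 0.0)
            for t in range(n)]

def flag_windows(series, threshold=0.85):
    """Window starts whose local H exceeds the (assumed) alert threshold."""
    return [s for s, h in series if h > threshold]

if __name__ == "__main__":
    for start, h in windowed_hurst(build_trace()):
        mark = "  <-- suspect" if h > 0.85 else ""
        print(f"window@{start:5d}  H={h:.2f}{mark}")
```

In this constructed trace the local estimate jumps toward 1 while a window straddles the start or end of the injected component, and returns to the baseline when the window lies entirely inside it, because a constant shift across the whole window leaves the variances unchanged.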
