Open Access System for Information Sharing

Login Library

 

Thesis
Cited 0 time in webofscience Cited 0 time in scopus
Metadata Downloads

그래프 기반의 비정상 네트워크 트래픽 탐지

Title
그래프 기반의 비정상 네트워크 트래픽 탐지
Authors
도퀏 리
Date Issued
2012
Publisher
포항공과대학교
Abstract
In recent years, network traffic anomaly detection has become an important area for both academic research and commercial applications. Abnormalities occur in the network traffic caused by cyber-attacks such as distributed denial of services (DDoS), spam mail, Internet worms and scanning attacks. Network operators should detect and mitigate the abnormal traffic to provide safe and stable network services. In this thesis, we propose a novel approach for detecting anomalous network traffic in a time series. The proposed method is based on graph theory concepts such as degree distribution, degree assortativity, maximum degree, and dK-2 distance. In our approach, we use traffic dispersion graphs (TDGs) to model and analyze communication patterns in network traffic over time. We focus on communication structural properties of TDGs of network traffic. By analyzing differences of TDG graphs in time series, the method is able to detect low-intensity anomalous network behaviors which change the structural properties of a network, such as Botnet command and control communications between bots (malware-infected hosts), which cannot be identified by conventional volume-based anomaly detection techniques. In this thesis, we also introduce a method for identifying attack patterns in anomalous traffic. Finally, we evaluate our approach with the 1999 DARPA intrusion detection dataset, a network trace from POSTECH on July 2009, the DDoS CAIDA trace, and network traffic generated from real bots in virtual machines of a honeynet. We also implement a real-time anomaly detection system by using our approach, and validate the ability of the system by generating TCP port scanning traffic.
URI
http://postech.dcollection.net/jsp/common/DcLoOrgPer.jsp?sItemId=000001388508
http://oasis.postech.ac.kr/handle/2014.oak/1641
Article Type
Thesis
Files in This Item:
There are no files associated with this item.

qr_code

  • mendeley

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Views & Downloads

Browse