Graph-based Anomalous Network Traffic Detection
- 도퀏 리
In recent years, network traffic anomaly detection has become an important area for both academic research and commercial applications. Anomalies in network traffic are caused by cyber-attacks such as distributed denial of service (DDoS), spam mail, Internet worms, and scanning attacks. Network operators must detect and mitigate such abnormal traffic to provide safe and stable network services.
In this thesis, we propose a novel approach for detecting anomalous network traffic in a time series. The proposed method is based on graph-theoretic concepts such as the degree distribution, degree assortativity, maximum degree, and the dK-2 distance. In our approach, we use traffic dispersion graphs (TDGs) to model and analyze communication patterns in network traffic over time, focusing on the structural properties of the TDGs. By analyzing the differences between TDGs across the time series, the method can detect low-intensity anomalous network behaviors that change the structural properties of the network, such as botnet command-and-control communication between bots (malware-infected hosts), which conventional volume-based anomaly detection techniques cannot identify. We also introduce a method for identifying attack patterns in anomalous traffic.
Finally, we evaluate our approach on the 1999 DARPA intrusion detection dataset, a network trace captured at POSTECH in July 2009, the CAIDA DDoS trace, and network traffic generated by real bots running in virtual machines of a honeynet. We also implement a real-time anomaly detection system based on our approach and validate it by generating TCP port scanning traffic.
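As an added illustration of the structural idea in the abstract (not code from the thesis), the following builds a TDG per time window from constructed (src, dst) flow records, computes two of the metrics named above (maximum degree and degree assortativity), and flags windows whose structure departs from a baseline; the baseline length, thresholds and sample hosts are assumptions chosen for this example.

```python
from collections import defaultdict
def build_tdg(flows):
    """Undirected TDG for one window: one edge per host pair that exchanged a flow."""
    return {tuple(sorted((s, d))) for s, d in flows if s != d}

def degrees(edges):
    deg = defaultdict(int)
    for a, b in edges:
        deg[a] += 1
        deg[b] += 1
    return deg

def degree_assortativity(edges):
    """Newman's degree assortativity r in [-1, 1]: correlation of the degrees at
    the ends of each edge. A star (one host fanning out to degree-1 hosts) is -1."""
    m = len(edges)
    if m == 0:
        return 0.0
    deg = degrees(edges)
    jk = sum(deg[a] * deg[b] for a, b in edges) / m
    half = sum(deg[a] + deg[b] for a, b in edges) / (2 * m)
    sq = sum(deg[a] ** 2 + deg[b] ** 2 for a, b in edges) / (2 * m)
    var = sq - half ** 2
    return 0.0 if var == 0 else (jk - half ** 2) / var

def window_metrics(flows):
    edges = build_tdg(flows)
    return {"max_degree": max(degrees(edges).values(), default=0),
            "assortativity": degree_assortativity(edges)}

def detect_anomalous_windows(windows, baseline_len=3, r_drop=0.3, deg_factor=2.0):
    """Indices of windows whose TDG departs from the first `baseline_len` windows
    (the thresholds are assumptions chosen for this example, not the thesis's)."""
    metrics = [window_metrics(w) for w in windows]
    base_r = min(x["assortativity"] for x in metrics[:baseline_len])
    base_deg = max(x["max_degree"] for x in metrics[:baseline_len])
    return [i for i, x in enumerate(metrics) if i >= baseline_len and
            (x["assortativity"] < base_r - r_drop
             or x["max_degree"] > deg_factor * base_deg)]

# Constructed (src, dst) flows: four windows of ordinary client/server traffic, then
# one in which 10.0.0.99 contacts 20 hosts: low volume, but a very different TDG shape.
C1, C2, C3, S1, S2, S3 = "10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.1.5", "10.0.1.6", "10.0.1.7"
WINDOWS = [
    [(C1, S1), (C2, S1), (C3, S2), (C1, S2)],
    [(C1, S1), (C2, S1), (C2, S2), (C3, S2)],
    [(C1, S1), (C2, S1), (C1, S2), (C2, S2)],
    [(C1, S1), (C2, S1), (C1, S2), (C2, S2), (C3, S3)],
    [(C1, S1), (C2, S1), (C3, S2), (C1, S2)] + [("10.0.0.99", f"10.0.2.{i}") for i in range(1, 21)],
]
```

Calling `detect_anomalous_windows(WINDOWS)` returns `[4]`: only the scan-shaped window is flagged, because its maximum degree jumps to 20 and its assortativity falls to about -0.75, while the fourth window (a normal variation) passes.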