Funding: This work was supported by a grant from the National Natural Science Foundation of China (No. 60773192).
Abstract: Network anomalies caused by network attacks can significantly degrade or even terminate network services. Real-time and reliable detection of anomalies is essential to rapid anomaly diagnosis, anomaly mitigation, and malfunction recovery. Unlike most detection methods based on the statistical analysis of packet headers (such as IP addresses and ports), a new approach that uses only network traffic volumes is proposed to detect anomalies reliably. Our method uses the autocorrelation function to judge whether anomalies have occurred. In detail, the correlation coefficients of normal data and of anomalous data each fluctuate only slightly, while those of overlapped data composed of both fluctuate greatly. Experimental results on network traffic volumes transformed from the 1999 DARPA intrusion evaluation data set show that this method can effectively detect network anomalies while avoiding a high false alarm rate.
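The idea described in the abstract, as an added example that is not code from the paper: a sliding-window lag-1 autocorrelation coefficient over traffic volumes, flagged when it departs from a baseline. The window width, lag, median baseline, threshold, function names and the constructed traffic series are all assumptions, since the abstract gives no parameters.

```python
import math
from statistics import median

def autocorr(window, lag=1):
    """Sample autocorrelation coefficient of one window at the given lag."""
    n = len(window)
    mean = sum(window) / n
    denom = sum((x - mean) ** 2 for x in window)
    if denom == 0:  # constant window: coefficient undefined, report 0
        return 0.0
    num = sum((window[t] - mean) * (window[t + lag] - mean)
              for t in range(n - lag))
    return num / denom

def sliding_coefficients(volumes, width=30, lag=1):
    """Coefficient of every window volumes[i:i+width], sliding by one sample."""
    return [autocorr(volumes[i:i + width], lag)
            for i in range(len(volumes) - width + 1)]

def detect(volumes, width=30, lag=1, train=50, threshold=0.3):
    """Return start indices of windows whose coefficient leaves the baseline.

    Assumptions of this sketch (not from the paper): the first `train`
    windows are attack-free, the baseline is their median coefficient,
    and `threshold` is a fixed tolerance around it.
    """
    coeffs = sliding_coefficients(volumes, width, lag)
    baseline = median(coeffs[:train])
    return [i for i, r in enumerate(coeffs) if abs(r - baseline) > threshold]

def constructed_traffic(length=200, flood=(120, 160)):
    """Constructed per-interval volumes: oscillating load, +300 during a flood."""
    return [100 + 10 * math.sin(2.4 * t)
            + (300 if flood[0] <= t < flood[1] else 0)
            for t in range(length)]

if __name__ == "__main__":
    volumes = constructed_traffic()
    flagged = detect(volumes)
    print("flagged window starts:", flagged)
```

On the constructed series only the windows that straddle the start or the end of the flood are flagged; windows lying entirely inside the flood keep a stable coefficient, which matches the abstract's observation that normal and anomalous data each fluctuate only slightly.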