A model of conversation exchange dynamics for detection of epidemic-style network attacks
S. Mylavarapu, J. Zachary, D. Ettlich, J. McEachen, D. Ford
The 2004 47th Midwest Symposium on Circuits and Systems, 2004. MWSCAS '04.
Published: 2004-07-25
DOI: 10.1109/MWSCAS.2004.1354334 (https://doi.org/10.1109/MWSCAS.2004.1354334)
Citations: 3
Abstract
Epidemic-style network attacks, such as worms, have increased in frequency over the past several years as computer networks have grown in bandwidth and scope. Mechanisms to contain these types of attacks depend on rapid and effective detection of their existence, which corresponds to anomalous network traffic behavior. These behaviors are typically associated with denial of service, probing, and buffer overflow attacks. We present a model called conversation exchange dynamics (CED) and analyze its ability to detect network anomalies by observing anomalous packets amongst traffic generated in a controlled test environment. We present configuration issues and show the successful ability of this model to detect anomalous packets and even network attacks that exhibit behavior pathologies similar to network worms.