An approach for detecting anomalies by assessing the inter-arrival time of UDP packets and flows using Benford's law

2015 2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI) Pub Date : 2015-11-01 DOI:10.1109/KBEI.2015.7436057

A. Asadi

{"title":"An approach for detecting anomalies by assessing the inter-arrival time of UDP packets and flows using Benford's law","authors":"A. Asadi","doi":"10.1109/KBEI.2015.7436057","DOIUrl":null,"url":null,"abstract":"In this paper, from the perspective of Benford's law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford's law is an empirical law that describes the distribution of first digits in series of numbers in natural phenomena. We claim that Benford's law describes the inter-arrival time of UDP packets and flows in normal traffic of networks. As a result, any significant anomaly in UDP packets and flows including deliberate intrusions, unwanted errors or in general, network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In a recent work, the relationship between Weibull distribution and Benford's law was studied. In another work, the compliance of the inter-arrival time of UDP packets and flows from Weibull distribution is presented. In this paper, we have proposed a method for using Benford's law for detecting anomalies in inter-arrival time of UDP packets and flows. The proposed method can detect the UDP Flood attack with high detection rate.","PeriodicalId":168295,"journal":{"name":"2015 2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI)","volume":"156 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/KBEI.2015.7436057","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

In this paper, from the perspective of Benford's law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford's law is an empirical law that describes the distribution of first digits in series of numbers in natural phenomena. We claim that Benford's law describes the inter-arrival time of UDP packets and flows in normal traffic of networks. As a result, any significant anomaly in UDP packets and flows including deliberate intrusions, unwanted errors or in general, network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In a recent work, the relationship between Weibull distribution and Benford's law was studied. In another work, the compliance of the inter-arrival time of UDP packets and flows from Weibull distribution is presented. In this paper, we have proposed a method for using Benford's law for detecting anomalies in inter-arrival time of UDP packets and flows. The proposed method can detect the UDP Flood attack with high detection rate.

查看原文本刊更多论文

通过使用本福德定律评估UDP数据包和流的到达时间来检测异常的方法

本文从本福德定律的角度，研究了UDP在数据包和流级别上的到达间隔时间。本福德定律是描述自然现象中数列第一位数分布的经验定律。我们声称本福德定律描述了网络正常流量中UDP数据包和流的到达时间。因此，UDP数据包和流中的任何重大异常，包括故意入侵，不必要的错误或一般的网络故障，都可以通过检查UDP数据包和流的第一个数字分布到达时间来识别。在最近的一项工作中，研究了威布尔分布与本福德定律的关系。在另一项工作中，提出了来自威布尔分布的UDP数据包和流的到达时间的遵从性。在本文中，我们提出了一种利用本福德定律检测UDP数据包和流的到达时间异常的方法。该方法检测UDP Flood攻击，检测率高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI)

自引率

0.00%

发文量