Communication patterns based detection of anomalous network traffic
Authors: D. Le, Taeyoel Jeong, H. Roman, J. W. Hong
Published in: 2012 IEEE International Conference on Intelligence and Security Informatics (2012-06-11)
DOI: 10.1109/ISI.2012.6284297
Abstract: We propose a novel approach to detecting anomalous network traffic by analyzing communication patterns in time series. The method is based on graph-theoretic concepts such as degree distribution and maximum degree, and we introduce the new concept of dK-2 distance [1]. In our approach, we use traffic dispersion graphs (TDGs) to extract the communication structure [2]. By analyzing the differences between TDGs over a time series, we are able to detect anomalous events such as botnet command and control communications, which cannot be identified using volume-based approaches or flow/packet counters. We evaluate our approach on the 1999 DARPA intrusion detection data set and on a network trace collected at POSTECH in July 2009.