Traffic Anomaly Detection in the presence of P2P traffic
Sardar Ali, Kui Wu, Hassan Khan
39th Annual IEEE Conference on Local Computer Networks, published 2014-10-16
DOI: 10.1109/LCN.2014.6925822 (https://doi.org/10.1109/LCN.2014.6925822)
Recent estimates suggest that p2p traffic comprises a significant fraction of today's Internet traffic. Previous work has shown that p2p traffic can have a considerable adverse impact on the accuracy (detection and false alarm rates) of Anomaly Detection Systems (ADSs). In this paper, we propose a solution to mitigate this accuracy degradation by identifying novel traffic features which can accurately discriminate between p2p and attack traffic. Using these features, we develop a traffic preprocessor which compensates for the negative effects of p2p traffic on anomaly detection. Our solution does not rely on any p2p traffic classifier and is thus more robust and efficient. We implement and empirically evaluate the proposed solution on an OpenFlow testbed with four prominent non-proprietary ADSs. Experimental results show that our proposed method provides about 35% increase in detection rate and about 50% decrease in false alarm rates.
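The accuracy degradation the abstract describes is easiest to see with a concrete detector and concrete numbers. The following is an added illustration, not code from the paper: a toy fan-out anomaly detector (a source that contacts more than a threshold of distinct destinations is flagged) is run over constructed flow records, once without and once with p2p hosts, and detection rate (DR) and false alarm rate (FAR) are computed each time. The preprocessor at the end uses the share of unanswered connections as a stand-in discriminator between scanning and p2p chatter; that feature is an assumption for this example only, since the abstract does not disclose the paper's actual features.

```python
"""Added illustration, not the paper's code: how p2p traffic degrades a
simple fan-out anomaly detector, and how detection rate (DR) and false
alarm rate (FAR) are measured. All flow records are constructed sample data."""
from collections import defaultdict

# A flow record is (src, dst, dst_port, answered); `answered` marks a flow
# the destination replied to. The unanswered-connection ratio used by
# preprocess() is an assumed stand-in feature, not one taken from the paper.


def build_flows(p2p_hosts: int) -> list:
    """Construct sample flows: 20 quiet clients, one port scanner that probes
    60 hosts (most never answer), and `p2p_hosts` peers that each talk to
    60 distinct peers on high ports (most do answer)."""
    flows = []
    for i in range(20):
        for j in range(3):
            flows.append((f"h{i}", f"srv{j}", 443, True))
    for j in range(60):
        flows.append(("scanner", f"10.0.0.{j}", 22, j % 10 == 0))
    for p in range(p2p_hosts):
        for q in range(60):
            flows.append((f"peer{p}", f"172.16.{p}.{q}", 6881 + q, q % 10 != 0))
    return flows


def fan_out_alerts(flows, threshold: int) -> set:
    """Flag every source that contacts more than `threshold` distinct hosts."""
    dsts = defaultdict(set)
    for src, dst, _port, _answered in flows:
        dsts[src].add(dst)
    return {src for src, d in dsts.items() if len(d) > threshold}


def preprocess(flows, min_unanswered_ratio: float = 0.5) -> list:
    """Hypothetical preprocessor: pass a source's flows to the detector only
    if at least `min_unanswered_ratio` of its connections went unanswered.
    P2P peers mostly reach live peers, scanners mostly hit closed ports."""
    per_src = defaultdict(list)
    for f in flows:
        per_src[f[0]].append(f)
    kept = []
    for fl in per_src.values():
        unanswered = sum(1 for f in fl if not f[3]) / len(fl)
        if unanswered >= min_unanswered_ratio:
            kept.extend(fl)
    return kept


def evaluate(flagged: set, flows, attackers: set) -> tuple:
    """Return (DR, FAR) over all source hosts present in `flows`."""
    hosts = {f[0] for f in flows}
    benign = hosts - attackers
    dr = len(flagged & attackers) / len(attackers)
    far = len(flagged & benign) / len(benign)
    return dr, far


def demo() -> dict:
    """Run the detector under four conditions and return {name: (DR, FAR)}."""
    attackers = {"scanner"}
    results = {}
    clean = build_flows(p2p_hosts=0)
    results["baseline"] = evaluate(fan_out_alerts(clean, 10), clean, attackers)
    mixed = build_flows(p2p_hosts=5)
    # Same threshold: every p2p peer now looks like a scanner (FAR rises).
    results["p2p_low_threshold"] = evaluate(fan_out_alerts(mixed, 10), mixed, attackers)
    # Raise the threshold to silence the peers: the real scanner escapes (DR falls).
    results["p2p_high_threshold"] = evaluate(fan_out_alerts(mixed, 60), mixed, attackers)
    # Preprocess first, then detect with the original threshold.
    results["p2p_preprocessed"] = evaluate(
        fan_out_alerts(preprocess(mixed), 10), mixed, attackers)
    return results


if __name__ == "__main__":
    for name, (dr, far) in demo().items():
        print(f"{name:20s} DR={dr:.2f} FAR={far:.2f}")
```

With the fixed threshold the five peers are all flagged (FAR 0.20); raising the threshold until they fall silent also hides the scanner (DR 0); filtering on the stand-in feature before detection restores DR 1.0 at FAR 0 without any p2p classifier in the loop, which is the shape of the gain the abstract reports.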