Yudha Purwanto, Kuspriyanto, Hendrawan, B. Rahardjo
2015 1st International Conference on Wireless and Telematics (ICWT), published 2015-11-01. DOI: 10.1109/ICWT.2015.7449256 (https://doi.org/10.1109/ICWT.2015.7449256). Citation count: 3 (Semantic Scholar).
Time based anomaly detection using residual polynomial fitting on aggregate traffic statistic
A flash crowd and a Distributed Denial of Service (DDoS) attack show almost the same symptoms on the network and at the server, but a security element such as an Intrusion Detection System (IDS) must handle the two differently. If the IDS cannot distinguish a flash crowd from a DDoS attack, the Quality of Service of legitimate user traffic during the flash crowd will degrade, so it is important for the IDS to differentiate between them. Many earlier comparison methods could sense the anomalous event but paid little attention to identifying which flow was the anomaly. We present a residual calculation between combinations of windowed aggregate traffic statistics. Using the residual between the 10th percentile and the mean, the method differentiates flash crowds from DDoS attacks with high accuracy on synthetic anomalous events. It can directly identify the anomalous flow, and visual analysis of the residual shows the start and end of both kinds of event.
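As an added illustration (not the authors' code, and not a reproduction of the paper's exact method), the script below shows the mechanics the abstract names: aggregate per-second packet counts into fixed windows, compute each window's mean and 10th percentile, fit a low-degree polynomial trend to a leading set of windows, and flag windows whose residual from that trend exceeds a robust threshold. The run of flagged windows gives the start and end of the event, and the per-source rate increase inside it points at the anomalous flow. The window size, training period, polynomial degree, threshold, floor, and the synthetic traffic trace are all assumptions, and the rule the paper uses to tell a flash crowd from a DDoS attack is not reproduced here.

```python
"""Windowed traffic statistics, polynomial trend fit, residual-based event
detection and anomalous-flow identification. Illustrative code added to this
page; it is not the authors' implementation. Window size, training period,
degree, thresholds and the synthetic trace are assumptions."""
from collections import Counter
from statistics import mean, median

WINDOW = 10         # seconds aggregated per window (assumed)
TRAIN_WINDOWS = 6   # leading windows assumed event-free, used to fit the trend
DEGREE = 1          # polynomial degree for the baseline trend (assumed)
K = 5.0             # residual threshold in MAD units (assumed)
FLOOR = 5.0         # minimum threshold in pkt/s, guards against a zero MAD (assumed)


def build_sample():
    """Constructed packet records (t, src_ip), 120 s long: 20 background sources
    at ~5 pkt/s, a slow linear growth on one source that the trend fit should
    absorb, a small wobble on another, and a burst from t=60..89 in which three
    sources send 300 pkt/s each."""
    recs = []
    for t in range(120):
        for i in range(20):
            n = 5
            if i == 0:
                n += t // 10          # +1 pkt/s every 10 s: benign trend
            if i == 1:
                n += (t % 3) - 1      # deterministic -1/0/+1 wobble
            recs.extend((t, f"10.0.0.{i + 1}") for _ in range(n))
        if 60 <= t < 90:
            for j in range(3):
                recs.extend((t, f"198.51.100.{j + 1}") for _ in range(300))
    return recs


def per_second_counts(recs):
    counts = [0] * (max(t for t, _ in recs) + 1)
    for t, _ in recs:
        counts[t] += 1
    return counts


def windowed_stats(counts, window=WINDOW):
    """Per window: (start_time, mean, 10th percentile) of the per-second totals."""
    out = []
    for w0 in range(0, len(counts), window):
        vals = sorted(counts[w0:w0 + window])
        p10 = vals[int(0.10 * (len(vals) - 1))]   # nearest-rank 10th percentile
        out.append((w0, mean(vals), p10))
    return out


def polyfit(xs, ys, degree):
    """Least-squares polynomial fit via the normal equations; returns
    coefficients c with y ~ sum(c[i] * x**i)."""
    n = degree + 1
    A = [[sum(x ** (i + j) for x in xs) for j in range(n)] for i in range(n)]
    b = [sum(y * x ** i for x, y in zip(xs, ys)) for i in range(n)]
    for c in range(n):                       # Gaussian elimination, partial pivoting
        p = max(range(c, n), key=lambda r: abs(A[r][c]))
        A[c], A[p], b[c], b[p] = A[p], A[c], b[p], b[c]
        for r in range(c + 1, n):
            f = A[r][c] / A[c][c]
            A[r] = [ar - f * ac for ar, ac in zip(A[r], A[c])]
            b[r] -= f * b[c]
    coef = [0.0] * n
    for i in range(n - 1, -1, -1):           # back substitution
        coef[i] = (b[i] - sum(A[i][k] * coef[k] for k in range(i + 1, n))) / A[i][i]
    return coef


def polyval(coef, x):
    return sum(c * x ** i for i, c in enumerate(coef))


def detect_events(stats, train=TRAIN_WINDOWS, degree=DEGREE, k=K, floor=FLOOR):
    """Fit the trend on the leading windows, then flag windows whose mean exceeds
    the fitted trend by more than k MADs of the training residuals (or FLOOR).
    Returns (threshold, residuals, [(start, end), ...]) with times in seconds."""
    xs = list(range(len(stats)))
    means = [s[1] for s in stats]
    coef = polyfit(xs[:train], means[:train], degree)
    resid = [m - polyval(coef, x) for x, m in zip(xs, means)]
    med = median(resid[:train])
    mad = median(abs(r - med) for r in resid[:train])
    threshold = max(k * mad, floor)
    events, start = [], None
    for (w0, _, _), r in zip(stats, resid):
        if r > threshold and start is None:
            start = w0                                   # event begins
        elif r <= threshold and start is not None:
            events.append((start, w0)); start = None     # event ended last window
    if start is not None:
        events.append((start, stats[-1][0] + WINDOW))
    return threshold, resid, events


def top_flows(recs, events, train_seconds=TRAIN_WINDOWS * WINDOW, top=3):
    """Rank sources by packet-rate increase inside the events relative to the
    training period; the largest increases are the candidate anomalous flows."""
    if not events:
        return []
    event_secs = sum(end - start for start, end in events)
    base = Counter(src for t, src in recs if t < train_seconds)
    in_event = Counter(src for t, src in recs if any(s <= t < e for s, e in events))
    excess = {src: in_event[src] / event_secs - base[src] / train_seconds
              for src in set(base) | set(in_event)}
    return sorted(excess.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def run(recs=None):
    recs = build_sample() if recs is None else recs
    stats = windowed_stats(per_second_counts(recs))
    threshold, resid, events = detect_events(stats)
    return {"threshold": threshold, "resid": resid, "events": events,
            "flows": top_flows(recs, events)}


if __name__ == "__main__":
    result = run()
    print("threshold (pkt/s):", result["threshold"])
    print("events (start, end):", result["events"])
    for src, inc in result["flows"]:
        print(f"{src}: +{inc:.1f} pkt/s above training-period rate")
```

The residual is taken against a trend fitted only on the leading, assumed-clean windows, so a slow benign increase in load is absorbed by the fit rather than flagged; a threshold floor keeps a near-zero MAD from turning every window into an alert. On the constructed trace the three burst windows are the only ones flagged, giving one event at 60..90 s, and the three burst sources rank first by rate increase.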