A method of detecting network anomalies in cyclic traffic

Shigeaki Harada; Ryoichi Kawahara; Tatsuya Mori; Noriaki Kamiyama; Haruhisa Hasegawa; Hideaki Yoshino

doi:10.1109/GLOCOM.2008.ECP.396

A method of detecting network anomalies in cyclic traffic

Shigeaki Harada^*, Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Haruhisa Hasegawa, Hideaki Yoshino

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large- volume traffic, such as traffic for network operations, and finally considers it to be legitimate.

Original language	English
Title of host publication	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Pages	2057-2061
Number of pages	5
DOIs	https://doi.org/10.1109/GLOCOM.2008.ECP.396
Publication status	Published - 2008
Externally published	Yes
Event	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA, United States Duration: 2008 Nov 30 → 2008 Dec 4

Publication series

Name	GLOBECOM - IEEE Global Telecommunications Conference

Conference

Conference	2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
Country/Territory	United States
City	New Orleans, LA
Period	08/11/30 → 08/12/4

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1109/GLOCOM.2008.ECP.396

Cite this

Harada, S, Kawahara, R, Mori, T, Kamiyama, N, Hasegawa, H & Yoshino, H 2008, A method of detecting network anomalies in cyclic traffic. in 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008., 4698171, GLOBECOM - IEEE Global Telecommunications Conference, pp. 2057-2061, 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008, New Orleans, LA, United States, 08/11/30. https://doi.org/10.1109/GLOCOM.2008.ECP.396

@inproceedings{eb88576c514b4798a830674b255e3b40,

title = "A method of detecting network anomalies in cyclic traffic",

abstract = "We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large- volume traffic, such as traffic for network operations, and finally considers it to be legitimate.",

author = "Shigeaki Harada and Ryoichi Kawahara and Tatsuya Mori and Noriaki Kamiyama and Haruhisa Hasegawa and Hideaki Yoshino",

year = "2008",

doi = "10.1109/GLOCOM.2008.ECP.396",

language = "English",

isbn = "9781424423248",

series = "GLOBECOM - IEEE Global Telecommunications Conference",

pages = "2057--2061",

booktitle = "2008 IEEE Global Telecommunications Conference, GLOBECOM 2008",

note = "2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 ; Conference date: 30-11-2008 Through 04-12-2008",

}

TY - GEN

T1 - A method of detecting network anomalies in cyclic traffic

AU - Harada, Shigeaki

AU - Kawahara, Ryoichi

AU - Mori, Tatsuya

AU - Kamiyama, Noriaki

AU - Hasegawa, Haruhisa

AU - Yoshino, Hideaki

PY - 2008

Y1 - 2008

N2 - We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large- volume traffic, such as traffic for network operations, and finally considers it to be legitimate.

AB - We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large- volume traffic, such as traffic for network operations, and finally considers it to be legitimate.

UR - http://www.scopus.com/inward/record.url?scp=67249116117&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67249116117&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2008.ECP.396

DO - 10.1109/GLOCOM.2008.ECP.396

M3 - Conference contribution

AN - SCOPUS:67249116117

SN - 9781424423248

T3 - GLOBECOM - IEEE Global Telecommunications Conference

SP - 2057

EP - 2061

BT - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008

T2 - 2008 IEEE Global Telecommunications Conference, GLOBECOM 2008

Y2 - 30 November 2008 through 4 December 2008

ER -

A method of detecting network anomalies in cyclic traffic

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this