Network anomaly detection using autonomous system flow aggregates

Thienne Johnson, Loukas Lazos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Scopus citations

Abstract

Detecting malicious traffic streams in modern computer networks is a challenging task due to the growing traffic volume that must be analyzed. Traditional anomaly detection systems based on packet inspection face a scalability problem in terms of computational and storage capacity. One solution to this scalability problem is to analyze traffic based on IP flow aggregates. However, IP aggregates can still result in prohibitively large datasets for networks with heavy traffic loads. In this paper, we investigate whether anomaly detection is still possible when traffic is aggregated at a coarser scale. We propose a volumetric analysis methodology that aggregates traffic at the Autonomous System (AS) level. We show that our methodology reduces the number of flows to be analyzed by several orders of magnitude compared with IP flow level analysis, while still detecting traffic anomalies.

Original language: English (US)
Title of host publication: 2014 IEEE Global Communications Conference, GLOBECOM 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 544-550
Number of pages: 7
ISBN (Electronic): 9781479935116
DOIs:
State: Published - Feb 9 2014
Event: 2014 IEEE Global Communications Conference, GLOBECOM 2014 - Austin, United States
Duration: Dec 8 2014 to Dec 12 2014

Publication series

Name: 2014 IEEE Global Communications Conference, GLOBECOM 2014

Other

Other: 2014 IEEE Global Communications Conference, GLOBECOM 2014
Country/Territory: United States
City: Austin
Period: 12/8/14 to 12/12/14

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Communication
