TY - GEN
T1 - Network anomaly detection using autonomous system flow aggregates
AU - Johnson, Thienne
AU - Lazos, Loukas
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/2/9
Y1 - 2014/2/9
AB - Detecting malicious traffic streams in modern computer networks is a challenging task due to the growing traffic volume that must be analyzed. Traditional anomaly detection systems based on packet inspection face a scalability problem in terms of computational and storage capacity. One solution to this scalability problem is to analyze traffic based on IP flow aggregates. However, IP aggregates can still result in prohibitively large datasets for networks with heavy traffic loads. In this paper, we investigate whether anomaly detection is still possible when traffic is aggregated at a coarser scale. We propose a volumetric analysis methodology that aggregates traffic at the Autonomous System (AS) level. We show that our methodology reduces the number of flows to be analyzed by several orders of magnitude compared with IP flow level analysis, while still detecting traffic anomalies.
UR - http://www.scopus.com/inward/record.url?scp=84949922915&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84949922915&partnerID=8YFLogxK
U2 - 10.1109/GLOCOM.2014.7036864
DO - 10.1109/GLOCOM.2014.7036864
M3 - Conference contribution
AN - SCOPUS:84949922915
T3 - 2014 IEEE Global Communications Conference, GLOBECOM 2014
SP - 544
EP - 550
BT - 2014 IEEE Global Communications Conference, GLOBECOM 2014
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2014 IEEE Global Communications Conference, GLOBECOM 2014
Y2 - 8 December 2014 through 12 December 2014
ER -