Protecting network systems against novel attacks is a pressing problem. In this paper, we propose a new anomaly detection method based on inbound network traffic distributions. For this purpose, we first present the diverse distributions of TCP/IP protocol header fields at the border router of a real campus network, and then characterize those distributions when well-known denial-of-service (DoS) attacks are present. We show that the distributions give promising baselines for detecting network traffic anomalies. Moreover, we introduce the concept of entropy to transform the obtained distribution into a metric for declaring an anomaly. Our preliminary explorations indicate that the proposed method is effective at detecting several DoS attacks on the real network. © 2008 Springer Berlin Heidelberg.
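The abstract summarizes the pipeline (per-field header distribution, entropy of that distribution, comparison against a baseline) without showing it. The following is an added illustration and is not code from the paper: it assumes packets are already parsed into dicts with `src_ip` and `dst_port` fields, uses constructed traffic rather than real border-router captures, and picks a three-standard-deviation threshold with a small floor as the anomaly rule; the paper's own thresholding and choice of header fields may differ.

```python
import math
import random
from collections import Counter

# Constructed traffic model (not real captures). Normal inbound traffic comes from
# a small set of clients with a fixed port mix; the flood hits one port from many
# spoofed sources, which is what collapses dst_port entropy and inflates src_ip entropy.
NORMAL_SRC_POOL = [f"192.0.2.{i}" for i in range(1, 21)]             # 20 assumed clients
NORMAL_PORT_MIX = {80: 0.60, 443: 0.30, 22: 0.05, 25: 0.05}          # assumed port mix
SPOOFED_SRC_POOL = [f"10.{i >> 8}.{i & 255}.7" for i in range(5000)]  # assumed spoofed pool


def make_window(n_packets, src_pool, port_mix, seed):
    """Build one observation window: a list of packets as dicts of header fields."""
    rng = random.Random(seed)
    ports, weights = zip(*port_mix.items())
    return [{"src_ip": rng.choice(src_pool), "dst_port": rng.choices(ports, weights)[0]}
            for _ in range(n_packets)]


def entropy_bits(packets, field):
    """Shannon entropy (bits) of the empirical distribution of one header field."""
    counts = Counter(p[field] for p in packets)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def baseline(windows, field):
    """Mean and standard deviation of per-window entropy over attack-free windows."""
    hs = [entropy_bits(w, field) for w in windows]
    mean = sum(hs) / len(hs)
    std = math.sqrt(sum((h - mean) ** 2 for h in hs) / len(hs))
    return mean, std


def is_anomalous(window, field, mean, std, k=3.0, std_floor=0.05):
    """Declare an anomaly when the window's entropy leaves the k-sigma band.

    std_floor keeps a near-constant baseline from producing a zero-width band.
    """
    h = entropy_bits(window, field)
    return abs(h - mean) > k * max(std, std_floor)


def demo():
    """Train on 10 normal windows, then score one normal and one flood window per field."""
    training = [make_window(2000, NORMAL_SRC_POOL, NORMAL_PORT_MIX, seed=s) for s in range(10)]
    normal = make_window(2000, NORMAL_SRC_POOL, NORMAL_PORT_MIX, seed=99)
    flood = make_window(2000, SPOOFED_SRC_POOL, {80: 1.0}, seed=7)
    verdict = {}
    for field in ("src_ip", "dst_port"):
        mean, std = baseline(training, field)
        verdict[field] = {"normal": is_anomalous(normal, field, mean, std),
                          "flood": is_anomalous(flood, field, mean, std)}
    return verdict


if __name__ == "__main__":
    for field, v in demo().items():
        print(field, v)
```

Two design points matter in practice: the deviation is two-sided, because an attack can raise entropy for one field (spoofed sources) while lowering it for another (a single target port), and the baseline must be built from windows the operator trusts to be attack-free, otherwise a sustained flood becomes the norm the detector learns.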
CITATION STYLE
Kang, K. (2008). Anomaly detection of hostile traffic based on network traffic distributions. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5200 LNCS, pp. 781–790). Springer Verlag. https://doi.org/10.1007/978-3-540-89524-4_77