If efficient network analysis tools were available, it could become possible to detect attacks and anomalies and to take appropriate action to contain them. In this paper, we suggest a technique for traffic anomaly detection based on analyzing the correlation of destination IP addresses in outgoing traffic at an egress router. The address correlation data are transformed through a discrete wavelet transform for effective detection of anomalies through statistical analysis. Our techniques can be employed for postmortem and real-time analysis of outgoing network traffic at a campus edge. Results from trace-driven evaluation suggest that the proposed approach could provide an effective means of detecting anomalies close to the network. We also present data analyzing the correlation of port numbers as a means of detecting anomalies. © IFIP International Federation for Information Processing 2004.
CITATION STYLE
Kim, S. S., Narasimha Reddy, A. L., & Vannucci, M. (2004). Detecting traffic anomalies through aggregate analysis of packet header data. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3042, 1047–1059. https://doi.org/10.1007/978-3-540-24693-0_86