Show simple item record

dc.contributor.authorLiu, Lei*
dc.contributor.authorJin, X.L.*
dc.contributor.authorMin, Geyong*
dc.contributor.authorXu, L.*
dc.date.accessioned2016-11-28T15:10:29Z
dc.date.available2016-11-28T15:10:29Z
dc.date.issued2014-08-24
dc.identifier.citationLiu L, Jin XL, Min G et al (2014) Anomaly diagnosis based on regression and classification analysis of statistical traffic features. Security and Communication Networks. 7(9): 1372-1383.
dc.identifier.urihttp://hdl.handle.net/10454/10727
dc.descriptionNo
dc.description.abstractTraffic anomalies caused by Distributed Denial-of-Service (DDoS) attacks are major threats to both network service providers and legitimate customers. The DDoS attacks regularly consume and exhaust the resources of victims and hence result in abnormal bursty traffic through end-user systems. Additionally, malicious traffic aggregated into normal traffic often show dramatic changes in the traffic nature and statistical features. This study focuses on early detection of traffic anomalies caused by DDoS attacks in light of analyzing the network traffic behavior. Key statistical features including variance, autocorrelation, and self-similarity are employed to characterize the network traffic. Further, artificial neural network and support vector machine subject to the performance metrics are employed to predict and classify the abnormal traffic. The proposed diagnosis mechanism is validated through experiments where the datasets consist of two groups. The first group is the Massachusetts Institute of Technology Lincoln Laboratory dataset containing labeled DoS attack. The second group collected from DDoS attack simulation experiments covers three representative traffic shapes resulting from the dynamic attack rate configuration, namely, constant intensity, ramp-up behavior, and pulsing behavior. The experimental results demonstrate that the developed mechanism can effectively and precisely alert the abnormal traffic within short response period.
dc.relation.isreferencedbyhttps://doi.org/10.1002/sec.843
dc.subjectIntrusion detection
dc.subject; DDoS
dc.subject; Feature regression and classification
dc.subject; Traffic measurement
dc.subject; Anomaly diagnosis
dc.subject; Of-service attacks
dc.subject; DDoS attacks
dc.subject; Network
dc.titleAnomaly diagnosis based on regression and classification analysis of statistical traffic features
dc.status.refereedYes
dc.date.Accepted2013-06-13
dc.date.application2013-09-30
dc.typeArticle
dc.type.versionNo full-text in the repository


This item appears in the following Collection(s)

Show simple item record