06-09-2012, 02:35 PM
Parametric Methods for Anomaly Detection In Aggregate Traffic
Anomaly detection.docx (Size: 17.85 KB / Downloads: 51)
ABSTRACT:
We develop parametric methods to detect network anomalies using only aggregate traffic statistics, where the anomaly is a small fraction of the total traffic. By adopting simple statistical models for anomalous and background traffic in the time domain, we can detect anomalous traffic within the aggregate. The proposed bivariate parametric detection mechanism (bPDM) uses a sequential probability ratio test to detect anomalies. It uses both traffic-rate and packet-size statistics, yielding a bivariate model that eliminates most false positives. The method is analyzed using the bit-rate signal-to-noise ratio (SNR) metric, which is shown to be an effective metric for anomaly detection.
Existing System:
A successful denial-of-service (DoS) attack degrades network performance, resulting in losses of several millions of dollars. In our existing system we present an anomaly detection method that profiles normal traffic and treats a traffic-rate shift and a change in the distribution as an anomaly. The anomaly detection problem is posed as a statistical hypothesis test. Our existing system does not give a clear idea of whether these simple, approximate statistical models can yield detection methods of high performance by modeling sufficient, salient features of the traffic. We underscore that our model does not capture all aspects of general Internet traffic, so it is not a good basis for anomaly detection.
Proposed System:
The problems specified above can be rectified by using the following three key features. First, anomaly detection operates on aggregate traffic, without flow separation or deep-packet inspection; operating on aggregate traffic is sufficient to detect anomalies. Second, prior anomaly detection approaches use average sample number (ASN) methods; the proposed method does not require hand-tuned or hard-coded parameters. Third, we employ both the packet rate and the sample entropy of the packet-size distribution to ensure robustness against false positives, thus overcoming one of the traditional drawbacks of anomaly detection methods. Our previous work [33] developed the parametric Modeled Attack Detector (MAD), which employed Poisson and shifted Poisson models that could rapidly detect low-rate attacks, but it required a dedicated training phase to learn the background traffic parameters and was susceptible to a few false positives.
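The following is an added illustration of the rate-plus-entropy idea described above, not code from the paper or the bPDM itself: a Poisson sequential probability ratio test on per-interval packet counts, gated by the sample entropy of the packet-size distribution. The background rate lam0, the anomalous rate lam1, the entropy-drop rule and all traffic values are constructed assumptions for the demonstration.

```python
import math

def sprt_thresholds(alpha, beta):
    """Wald's SPRT thresholds (log domain) for false-alarm rate alpha and miss rate beta."""
    return math.log((1 - beta) / alpha), math.log(beta / (1 - alpha))

def poisson_llr(count, lam0, lam1):
    """Per-interval log-likelihood ratio: Poisson(lam1) anomaly vs Poisson(lam0) background."""
    return count * math.log(lam1 / lam0) - (lam1 - lam0)

def sprt_detect(counts, lam0, lam1, alpha=0.01, beta=0.01):
    """Run the rate SPRT over per-interval packet counts; return the index where the
    cumulative LLR crosses the upper threshold, else None. Crossing the lower threshold
    accepts the background model and restarts the test, so detection runs continuously."""
    upper, lower = sprt_thresholds(alpha, beta)
    s = 0.0
    for i, c in enumerate(counts):
        s += poisson_llr(c, lam0, lam1)
        if s >= upper:
            return i
        if s <= lower:
            s = 0.0
    return None

def size_entropy(sizes):
    """Sample entropy in bits of the packet-size distribution within a window."""
    n = len(sizes)
    hist = {}
    for sz in sizes:
        hist[sz] = hist.get(sz, 0) + 1
    return -sum(k / n * math.log2(k / n) for k in hist.values())

def bivariate_alarm(counts, sizes, lam0, lam1, baseline_entropy, min_drop=1.0):
    """Alarm only if the rate SPRT fires AND the window's size entropy has fallen at least
    min_drop bits below baseline; the second statistic suppresses benign rate shifts."""
    idx = sprt_detect(counts, lam0, lam1)
    if idx is not None and baseline_entropy - size_entropy(sizes) >= min_drop:
        return idx
    return None

# Constructed data: 12 background intervals near 50 pkt/s, then 8 with an extra ~15 pkt/s.
BACKGROUND = [52, 47, 50, 49, 53, 48, 51, 50, 46, 54, 49, 50]
COUNTS = BACKGROUND + [66, 63, 68, 64, 67, 65, 70, 62]
# Constructed packet-size windows: a normal size mix versus a flood of identical 64-byte packets.
NORMAL_SIZES = [64, 1500, 576, 1500, 64, 1500, 1280, 576]
FLOOD_SIZES = [64] * 8

if __name__ == "__main__":
    base = size_entropy(NORMAL_SIZES)
    print(sprt_detect(COUNTS, 50, 65), bivariate_alarm(COUNTS, NORMAL_SIZES, 50, 65, base))  # 14 None
```

The rate test alone fires on the third anomalous interval (index 14) and never on the background sequence; the entropy gate lets the same rate shift through only when the size mix has collapsed, which is the false-positive suppression the bivariate model is meant to provide.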