Traffic Anomaly Detection and Characterization in the Tunisian National University Network

Ramah, Khadija Houerbi; Ayari, H; Kamoun, Farouk

doi:10.1007/11753810_12

Cited by 11 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though the used traffic sets are different so that the comparison of the results may inadequate in this stage of work, the detection rate of our mechanism is relatively high compared to those results. In [28], the authors used a traffic set that is as similar as ours for anomaly detection. They collected the campus network traffic from Tunisian National University for forty five days and developed a Anomaly Detection System (ADS).…”

Section: Numerical Resultsmentioning

confidence: 99%

F-TAD: Traffic Anomaly Detection for Sub-networks Using Fisher Linear Discriminant

Park

Kim

Kang

2009

2009 Third International Conference on Network and System Security

View full text Add to dashboard Cite

Traffic anomaly detection is one of the most important technologies that should be considered in network security and administration. In this paper, we propose a traffic anomaly detection mechanism that includes traffic monitoring and traffic analysis. We develop an analytical system called WISE-Mon that inspects the traffic behavior by monitoring and analyzing the traffic. We establish a criterion for detecting abnormal traffic by analyzing training set of traffic and applying Fisher linear discriminant method. By using the properties of distributions such as chi-square distribution and normal distribution to the training set, we derive a hyperplane which enables to detect abnormal traffic. Since the trend of traffic can be changed as time passes, the hyperplane has to be updated periodically to reflect the changes. Accordingly, we consider the self-learning algorithm which reflects the trend of traffic and so enables to increase accuracy of detection. The proposed mechanism is reliable for traffic anomaly detection and compatible to realtime detection. For the numerical results, we use a traffic set collected from campus network. It shows that the proposed mechanism is reliable and accurate for detecting the abnormal traffic. Furthermore, it is observed that the proposed mechanism can categorize a set of abnormal traffic into various malicious traffic subsets.

show abstract

Section: Numerical Resultsmentioning

confidence: 99%

F-TAD: Traffic Anomaly Detection for Sub-networks Using Fisher Linear Discriminant

Park

Kim

Kang

2009

2009 Third International Conference on Network and System Security

View full text Add to dashboard Cite

show abstract

“…Data collection is easy to become the performance bottleneck of IDS, because the efficiency of data collection module in IDS directly affects the performance of intrusion detection. As a result, data collection is crucial with regard to the performance of IDS [4], [5]. Prior studies used various ways to collect security-related data for intrusion detection.…”

Section: ) Intrusion Detectionmentioning

confidence: 99%

A Survey on Network Security-Related Data Collection Technologies

et al. 2018

View full text Add to dashboard Cite

Security threats and economic loss caused by network attacks, intrusions, and vulnerabilities have motivated intensive studies on network security. Normally, data collected in a network system can reflect or can be used to detect security threats. We define these data as network security-related data. Studying and analyzing security-related data can help detect network attacks and intrusions, thus making it possible to further measure the security level of the whole network system. Obviously, the first step in detecting network attacks and intrusions is to collect security-related data. However, in the context of big data and 5G, there exist a number of challenges in collecting these security-related data. In this paper, we first briefly introduce network security-related data, including its definition and characteristics, and the applications of network data collection. We then provide the requirements and objectives for security-related data collection and present a taxonomy of data collection technologies. Moreover, we review existing collection nodes, collection tools, and collection mechanisms in terms of network data collection and analyze them based on the proposed requirements and objectives toward high quality security-related data collection. Finally, we discuss open research issues and conclude with suggestions for future research directions.INDEX TERMS Network security, security-related data, data collection technologies, large-scale heterogeneous networks.

show abstract

“…Puttini et al [15] applied the associated Bayesian classification to the SNMP MIB variables to detect anomalous network traffic behavior in Mobile Ad Hoc Networks (MANET). Ramah et al [16] developed an anomaly detection system using periodic SNMP data collection which is derived from a PCA (Principle Component Analysis) based unsupervised anomaly detection scheme proposed by Shyu et al [17]. According to our literature review, these studies focused on the detection of intrusion from normal traffic, but most of them did not consider the determination of attack types, such as TCP-SYN Flooding, UDP flooding, ICMP flooding, etc.…”

Section: Introductionmentioning

confidence: 99%

“…Some studies [4,5,[14][15][16][17][18] used SNMP MIB data for a intrusion detection. Li et al [4] developed a system named as MAID which uses SNMP MIB-II data for anomaly detection.…”

Section: Introductionmentioning

confidence: 99%