Network anomaly detection based on R/S Pox Diagram

Akinori Takahashi, Ryuji Igarashi, Hiroshi Ueda, Yukio Iwaya, Tetsuo Kinoshita

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

A method is proposed in this paper to detect attack traffic or anomaly by utilizing an R/S analysis. Our study so far indicates that a LS(Level Shift) or a Cycle superimposed on a discrete time series provides a dispersion in the R/S pox diagram. The LS is well expressed by both HSup and HInf, the slope of the upperand the lower-most plots group of the pox diagram. By utilizing them as the indices of the anomaly traffic, the validity of our proposal is tested at first by a Bernoulli trial simulation and then with the traffic data of "1999 DARPA Intrusion Detection Evaluation Data Set". Tested attacks are TCP SYN Flood, UDP Storm, and Smurf and our investigations showed that HInf may become a promising parameter for the detection of flooding attacks.

Original languageEnglish
Pages (from-to)186-192
Number of pages7
JournalInternational Journal of the Society of Material Engineering for Resources
Volume17
Issue number2
DOIs
Publication statusPublished - 2010 Sep 1

Keywords

  • Anomaly detection
  • Dos attack
  • Hurst parameter
  • Pox diagram

ASJC Scopus subject areas

  • Chemical Engineering(all)
  • Materials Science(all)
  • Mechanical Engineering

Fingerprint Dive into the research topics of 'Network anomaly detection based on R/S Pox Diagram'. Together they form a unique fingerprint.

Cite this