Detecting Hidden Anomalies Using Sketch for High-speed Network Data Stream Monitoring

PP: 759-765

Author(s)

Aiping Li, Yi Han, Bin Zhou, Weihong Han, Yan Jia

Abstract

Monitoring network data streams in real time to check for security events is becoming more and more important with the rapid growth of Internet applications. Detection typically treats the traffic as a collection of flows that need to be examined for significant changes in traffic pattern (e.g., volume, number of connections). However, as link speeds and the number of flows increase, keeping per-flow state is either too expensive or too slow. We propose building compact summaries of the traffic data using the notion of sketches. In this paper, we propose a network anomaly detection method with IP address traceability that operates at the right time, based on the summary data structure. In this method, the network traffic information is recorded online into a sketch in every cycle, and the sketch is used to detect anomalies. Using the EWMA forecasting model to obtain the forecast value for each cycle, the method computes the error sketch between the recorded value and the forecast value and detects heavy network traffic changes based on the mean and standard deviation in the error sketch. The method is effective in detecting DDoS attacks and scan attacks, and it can trace the IP address of the victim host. Experimental results show that this method takes up little computing and memory resources and is suitable for anomaly detection under high-speed network traffic.
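
The pipeline the abstract describes (per-cycle sketch, EWMA forecast, error sketch, mean and standard deviation threshold) can be illustrated in Python; this is an added example, not the authors' code. The sketch dimensions, `ALPHA`, `K`, the SHA-256 row hashes, the one-sided threshold and the tracing step (testing each destination seen in the cycle against every row) are assumptions, since the page gives neither the paper's parameters nor its traceability mechanism.

```python
import hashlib
from statistics import mean, pstdev

ROWS, COLS = 4, 64     # assumed sketch size (not given on the page)
ALPHA, K = 0.5, 3.0    # assumed EWMA weight and std-dev multiplier

def bucket(row, key):
    # Independent hash per row: SHA-256 over "row:key", reduced to a column.
    digest = hashlib.sha256(f"{row}:{key}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % COLS

def build_sketch(packets):
    # packets: (dst_ip, byte_count) pairs observed in one cycle.
    sketch = [[0.0] * COLS for _ in range(ROWS)]
    for dst, size in packets:
        for r in range(ROWS):
            sketch[r][bucket(r, dst)] += size
    return sketch

def hot_buckets(observed, forecast):
    # Error sketch = observed - forecast; per row, flag cells above mean + K*std.
    hot = []
    for obs_row, fc_row in zip(observed, forecast):
        err = [o - f for o, f in zip(obs_row, fc_row)]
        threshold = mean(err) + K * pstdev(err)   # one-sided: increases only
        hot.append({c for c, e in enumerate(err) if e > threshold})
    return hot

def detect(cycles):
    # Returns [(cycle_index, [suspected victim IPs]), ...].
    forecast, alerts = None, []
    for i, packets in enumerate(cycles):
        observed = build_sketch(packets)
        if forecast is None:
            forecast = observed          # first cycle seeds the forecast
            continue
        hot = hot_buckets(observed, forecast)
        # Tracing (assumption): a destination is a suspect only if its
        # bucket is flagged in every row of the error sketch.
        victims = sorted({dst for dst, _ in packets
                          if all(bucket(r, dst) in hot[r] for r in range(ROWS))})
        if victims:
            alerts.append((i, victims))
        forecast = [[ALPHA * o + (1 - ALPHA) * f for o, f in zip(orow, frow)]
                    for orow, frow in zip(observed, forecast)]
    return alerts

# Constructed sample: 20 hosts at a steady 1000 bytes/cycle, flood in cycle 2.
baseline = [(f"10.0.0.{h}", 1000) for h in range(1, 21)]
cycles = [baseline, baseline, baseline + [("10.0.0.7", 50000)], baseline]
print(detect(cycles))
```

Memory stays fixed at `ROWS * COLS` counters per sketch regardless of how many flows pass through, which is the property the abstract relies on for high-speed links.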