Traffic anomaly detection and DDOS attack recognition using diffusion map technologies
Journal of Material Sciences & Engineering

ISSN: 2169-0022

Open Access


International Conference and Exhibition on Materials Chemistry

March 31-April 01, 2016 Valencia, Spain

Michael Zheludev and Evgeny Nagradov

Qrator Labs, Russia

Posters & Accepted Abstracts: J Material Sci Eng

Abstract:

Network attacks are becoming a major threat to nations, governmental institutions, critical infrastructures and business organisations. Some attacks exploit software vulnerabilities to cause denial of service or to damage or steal important data; others use a large number of infected machines to mount distributed denial-of-service attacks. In this paper we focus on detecting network attacks by detecting anomalies in network traffic flow data and anomalous behaviour of the network applications. The goal is to detect the beginning of an attack in real time and to detect when the system has returned to its normal state. We do not address identifying the source of the attack or mitigating it. The input to the analyser is a statistics matrix with one row per traffic time slice. Each row contains network-level and application-level features that come from different scales. This matrix is the input to the intrusion detection process (both the training and the detection step). Our method has two sequential steps. The training step studies and analyses the behaviour of networking datasets and projects the data onto a lower-dimensional space; it is done once and updated as the behaviour of the training set changes. During this step we can handle corrupted training sets. The output of the training step enables online detection of anomalies, to which we apply automatic tools for real-time detection of problems: each newly arrived data point is classified as normal or abnormal. The traffic analyser processes the network packets and summarises the network-level statistics.
These metrics include: TCP flag usage; number of control TCP packets (packets without payload); number of data TCP packets (packets with payload); number of source (client) packets; number of source control packets; number of source data packets; number of source data bytes; number of destination (server) packets; number of destination control packets; number of destination data packets; number of destination data bytes. Challenges: How do we process an "ocean" of data in order to find abnormal patterns in it? How do we fuse data from different sources (sensors) to find correlations and anomalies? How do we measure distances in high-dimensional data, where conventional distance metrics lose their meaning? How do we determine whether a point belongs to a cluster/segment or not? The goal is to identify points that deviate from the normal behaviour that resides in the cluster/segment. How do we treat huge, high-dimensional data that changes dynamically and constantly? How can we model the high-dimensional data to find deviations from normal behaviour?
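The two-step pipeline the abstract describes, as an added example that is not the authors' or Qrator Labs' code: a training step that standardises the statistics matrix, builds a Gaussian kernel over the time slices, row-normalises it into the diffusion operator P = D^-1 K and keeps the leading non-trivial eigenvectors as the low-dimensional embedding, and a detection step that maps each newly arrived slice into that space with the Nystrom out-of-sample extension and classifies it as abnormal when it lands further from every training slice than the training set's own worst neighbour gap. The eigen-solver is a cyclic Jacobi routine so the block runs on the standard library alone. The traffic rows (laid out as the source/destination packet and byte counts listed above), the SYN-flood profile, the median-distance kernel-width rule, MIN_SUPPORT and THRESHOLD are all constructed assumptions for illustration, not values or code from the paper.

```python
"""Diffusion-map traffic anomaly detector: added example, not Qrator Labs' code.
Pure Python (no numpy); the eigen-solver is a small cyclic Jacobi routine."""
import math
import random

MIN_SUPPORT = 1e-12  # assumed cutoff: below this kernel mass a new slice has no valid extension
THRESHOLD = 2.0      # assumed: flag a slice whose gap is twice the worst training gap
# Row layout follows the abstract's metrics: src_pkts, src_ctrl_pkts, src_data_pkts, src_data_bytes,
# dst_pkts, dst_ctrl_pkts, dst_data_pkts, dst_data_bytes (constructed values, not real captures)

def normal_slice(rng):
    src = rng.gauss(1000, 80)
    src_ctrl = 0.35 * src * rng.uniform(0.9, 1.1)    # payload-less client packets
    dst = src * rng.uniform(1.1, 1.3)
    dst_ctrl = 0.30 * dst * rng.uniform(0.9, 1.1)
    return [src, src_ctrl, src - src_ctrl, (src - src_ctrl) * rng.uniform(300, 400),
            dst, dst_ctrl, dst - dst_ctrl, (dst - dst_ctrl) * rng.uniform(1100, 1300)]

def syn_flood_slice(rng):
    """Constructed SYN flood: a burst of bare client SYNs, server answering with bare SYN-ACKs."""
    src = rng.gauss(60000, 2000)
    src_ctrl, dst = 0.99 * src, 0.5 * src
    dst_ctrl = 0.98 * dst
    return [src, src_ctrl, src - src_ctrl, (src - src_ctrl) * 60,
            dst, dst_ctrl, dst - dst_ctrl, (dst - dst_ctrl) * 200]

def jacobi_eigh(a, sweeps=100, tol=1e-20):
    """Symmetric eigen-decomposition by cyclic Jacobi rotations; eigenvectors are V's columns."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[float(i == j) for j in range(n)] for i in range(n)]
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j) < tol:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) < 1e-300:
                    continue
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
                c = 1.0 / math.hypot(t, 1.0)
                s = t * c
                for k in range(n):        # A <- A J and V <- V J (columns p, q)
                    akp, akq, vkp, vkq = a[k][p], a[k][q], v[k][p], v[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
                for k in range(n):        # A <- J^T A (rows p, q)
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
    return [a[i][i] for i in range(n)], v

def standardize(model, row):  # log1p, then z-score with training stats: bytes and packets differ in scale
    return [(math.log1p(x) - mu) / sd for x, mu, sd in zip(row, model["mean"], model["std"])]

def nearest(point, cloud, skip=None):
    return min(math.dist(point, c) for i, c in enumerate(cloud) if i != skip)

def fit(train_rows, n_coords=3):
    """Training step: Gaussian kernel K on standardised rows, P = D^-1 K, keep leading eigenvectors."""
    logs = [[math.log1p(x) for x in r] for r in train_rows]
    n, m = len(logs), len(logs[0])
    mean = [sum(r[j] for r in logs) / n for j in range(m)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in logs) / n) or 1.0 for j in range(m)]
    model = {"mean": mean, "std": std}
    z = [standardize(model, r) for r in train_rows]
    d2 = sorted(math.dist(z[i], z[j]) ** 2 for i in range(n) for j in range(i + 1, n))
    eps = d2[len(d2) // 2]                    # kernel width: median squared distance
    kern = [[math.exp(-math.dist(z[i], z[j]) ** 2 / eps) for j in range(n)] for i in range(n)]
    deg = [sum(row) for row in kern]
    # D^-1/2 K D^-1/2 is symmetric and similar to P, so a symmetric solver suffices
    evals, vecs = jacobi_eigh([[kern[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)] for i in range(n)])
    order = sorted(range(n), key=lambda k: -evals[k])
    keep = order[1:n_coords + 1]              # order[0] is the trivial lambda = 1
    psi = [[vecs[j][k] / math.sqrt(deg[j]) for k in keep] for j in range(n)]  # right eigvecs of P
    coords = [[evals[k] * psi[j][c] for c, k in enumerate(keep)] for j in range(n)]
    model.update(eps=eps, z=z, psi=psi, coords=coords, lambda0=evals[order[0]],
                 evals=[evals[k] for k in keep],
                 nn_ref=max(nearest(coords[i], coords, skip=i) for i in range(n)))
    return model

def embed(model, row):
    """Nystrom extension lambda_k psi_k(x) = sum_j p(x, j) psi_k(j); None if x is out of kernel reach."""
    x = standardize(model, row)
    k = [math.exp(-math.dist(x, zj) ** 2 / model["eps"]) for zj in model["z"]]
    d = sum(k)
    if d < MIN_SUPPORT:
        return None
    return [sum(k[j] / d * p[c] for j, p in enumerate(model["psi"])) for c in range(len(model["evals"]))]

def score(model, row):  # nearest-training-neighbour gap in diffusion space vs. worst gap inside training
    coord = embed(model, row)
    return math.inf if coord is None else nearest(coord, model["coords"]) / model["nn_ref"]

def is_attack(model, row):
    return score(model, row) > THRESHOLD

def build_demo(seed=7, n_train=40):
    rng = random.Random(seed)                 # constructed data: n_train normal slices, then one
    train = [normal_slice(rng) for _ in range(n_train)]   # held-out normal slice and one flood slice
    return fit(train), train, normal_slice(rng), syn_flood_slice(rng)
```

Calling `build_demo()` and then `score(model, row)` on the held-out normal slice and on the flood slice shows the two outcomes: the normal slice lands inside the training cloud and scores well below THRESHOLD, while the flood slice has no kernel support at all (every `exp(-dist²/eps)` underflows to zero), so `embed` returns None and the score is infinite instead of a division by zero or a meaningless 0/0 coordinate; that no-support case is the failure mode of any out-of-sample extension and must be handled explicitly. The training set here is clean; the abstract's handling of corrupted training sets is not reproduced.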

Email: qukengue@andex.ru; mz@qrator.net; en@qrator.net
