Filtration Model for the Detection of Malicious Traffic in Large-Scale Networks

This study proposes a capable, scalable, and reliable edge-to-edge model for filtering malicious traffic through real-time monitoring of the impact of user behavior on quality of service (QoS) regulations. The model investigates user traffic, including that injected through distributed gateways and...

Bibliographic Details
Main Authors: Ahmed, Abdulghani Ali, Aman, Jantan, Wan, Tat-Chee
Format: Article
Language: English
Published: Elsevier 2015
Subjects: QA75 Electronic computers. Computer science
Online Access: http://umpir.ump.edu.my/id/eprint/12716/1/Filtration%20Model%20for%20the%20Detection%20Of%20Malicious%20Traffic%20In%20Large-Scale%20Networks.pdf
http://umpir.ump.edu.my/id/eprint/12716/
http://dx.doi.org/10.1016/j.comcom.2015.10.012
Institution: Universiti Malaysia Pahang
Record: my.ump.umpir.12716 (2018-05-16T07:53:20Z)
Type: Article, PeerReviewed, application/pdf
Subject: QA75 Electronic computers. Computer science

Abstract: This study proposes a capable, scalable, and reliable edge-to-edge model for filtering malicious traffic through real-time monitoring of the impact of user behavior on quality of service (QoS) regulations. The model investigates user traffic, including that injected through distributed gateways and that destined to gateways that are experiencing actual attacks. Misbehaving traffic filtration is triggered only when the network is congested, at which point burst gateways generate an explicit congestion notification (ECN) to misbehaving users. To investigate the behavior of misbehaving user traffic, packet delay variation (PDV) ratios are actively estimated and packet transfer rates are passively measured at a unit time. Users who exceed the PDV bit rates specified in their service level agreements (SLAs) are filtered as suspicious users. In addition, suspicious users who exceed the SLA bandwidth bit rates are filtered as network intruders. Simulation results demonstrate that the proposed model efficiently filters network traffic and precisely detects malicious traffic.

Citation: Ahmed, Abdulghani Ali and Aman, Jantan and Wan, Tat-Chee (2015) Filtration Model for the Detection of Malicious Traffic in Large-Scale Networks. Computer Communications. ISSN 0140-3664 (In Press). http://dx.doi.org/10.1016/j.comcom.2015.10.012 DOI: 10.1016/j.comcom.2015.10.012
institution Universiti Malaysia Pahang
building UMP Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Pahang
content_source UMP Institutional Repository
url_provider http://umpir.ump.edu.my/
language English
topic QA75 Electronic computers. Computer science