Iterative window size estimation on self-similarity measurement for network traffic anomaly detection
An iterative method for estimating the optimum sample time (or simply window size) in self-similarity measurement of network traffic is introduced. The main purpose of this measurement is to identify anomaly in network traffic. When the network traffic is close to the self-similarity model, it is co...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Published: |
APCEP-Canada
2004
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/5031/ http://www.ijcis.info/Vol2N2/84-91OKS.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Malaysia |
| id |
my.utm.5031 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.50312017-10-09T08:41:00Z http://eprints.utm.my/id/eprint/5031/ Iterative window size estimation on self-similarity measurement for network traffic anomaly detection Idris, Mohd. Yazid Abdullah, Abdul Hanan Maarof, Mohd. Aizaini QA75 Electronic computers. Computer science An iterative method for estimating the optimum sample time (or simply window size) in self-similarity measurement of network traffic is introduced. The main purpose of this measurement is to identify anomaly in network traffic. When the network traffic is close to the self-similarity model, it is considered as normal while otherwise it is not. Since, this model is related to a long-range dependence process, providing data in long period of time will increase the closeness of the network traffic towards the model. On the other hand, increasing the time range is one of the factors that will increase detection loss probability where an intrusive pattern may hide inside the normal data. Thus, the purpose of this method is to minimize the curve-fitting error on self-similarity measurement and detection loss probability in anomaly detection. This iterative method was applied to network traffic data provided by Lincoln Lab, Massachuset Institute of Technology (MIT). The result has shown, that this method is able to estimate an optimum window size that is capable to reduce detection loss probability and maintain a low error rate. APCEP-Canada 2004-08-01 Article PeerReviewed Idris, Mohd. Yazid and Abdullah, Abdul Hanan and Maarof, Mohd. Aizaini (2004) Iterative window size estimation on self-similarity measurement for network traffic anomaly detection. Journal of computing and information science, 2 (2). pp. 84-91. ISSN 1708-0460 http://www.ijcis.info/Vol2N2/84-91OKS.pdf |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Idris, Mohd. Yazid Abdullah, Abdul Hanan Maarof, Mohd. Aizaini Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| description |
An iterative method for estimating the optimum sample time (or simply window size) in self-similarity measurement of network traffic is introduced. The main purpose of this measurement is to identify anomaly in network traffic. When the network traffic is close to the self-similarity model, it is considered as normal while otherwise it is not. Since, this model is related to a long-range dependence process, providing data in long period of time will increase the closeness of the network traffic towards the model. On the other hand, increasing the time range is one of the factors that will increase detection loss probability where an intrusive pattern may hide inside the normal data. Thus, the purpose of this method is to minimize the curve-fitting error on self-similarity measurement and detection loss probability in anomaly detection. This iterative method was applied to network traffic data provided by Lincoln Lab, Massachuset Institute of Technology (MIT). The result has shown, that this method is able to estimate an optimum window size that is capable to reduce detection loss probability and maintain a low error rate. |
| format |
Article |
| author |
Idris, Mohd. Yazid Abdullah, Abdul Hanan Maarof, Mohd. Aizaini |
| author_facet |
Idris, Mohd. Yazid Abdullah, Abdul Hanan Maarof, Mohd. Aizaini |
| author_sort |
Idris, Mohd. Yazid |
| title |
Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| title_short |
Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| title_full |
Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| title_fullStr |
Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| title_full_unstemmed |
Iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| title_sort |
iterative window size estimation on self-similarity measurement for network traffic anomaly detection |
| publisher |
APCEP-Canada |
| publishDate |
2004 |
| url |
http://eprints.utm.my/id/eprint/5031/ http://www.ijcis.info/Vol2N2/84-91OKS.pdf |
| _version_ |
1643644217399967744 |