A Novel Abnormal Traffic Detection Method Based on Statistical Model

Abstract:

This paper proposes an abnormal traffic detection method based on a statistical model. First, a new property of normal traffic is identified: it exhibits significant first-order dependency, i.e., consecutive observations are clearly positively correlated, whereas this property rarely appears in abnormal traffic. Building on this first-order dependency, an entropy-rate model closely related to a Markov model is introduced to detect abnormal traffic. Because the method does not rely on signatures, it can detect both known and unknown abnormal traffic. Finally, a comparative experiment shows that the proposed method outperforms existing methods in terms of false positives and false negatives.
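The following is an added example, not code from the paper, showing how a first-order entropy-rate score can separate positively autocorrelated traffic from memoryless traffic. Everything beyond the abstract's idea is an assumption made here: equal-width quantization of per-second rates into eight states, the plug-in estimator for H(X_t | X_{t-1}), the ratio of that entropy rate to the zero-order entropy H(X_t) as the score, the 0.85 threshold, and the two constructed traces (an AR(1)-style "normal" load and a memoryless "flood").

```python
"""
Entropy-rate check for first-order dependency in a traffic time series.

Added illustration for the abstract above, not the paper's own code.
Assumptions (not taken from the paper): packets-per-second samples are
quantized into equal-width bins, the dependency score is the ratio of the
plug-in Markov entropy rate H(X_t | X_{t-1}) to the zero-order entropy
H(X_t), and a window is flagged when that ratio exceeds a fixed threshold.
"""
import math
import random
from collections import Counter, defaultdict


def quantize(series, n_bins=8):
    """Map real-valued samples to integer states 0..n_bins-1 using
    equal-width bins over the series' own range."""
    lo, hi = min(series), max(series)
    width = (hi - lo) / n_bins or 1.0  # constant series collapses to one state
    return [min(int((x - lo) / width), n_bins - 1) for x in series]


def entropy_bits(counts):
    """Shannon entropy (bits) of an empirical distribution given as counts."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def zero_order_entropy(states):
    """H(X_t): treats the samples as memoryless."""
    return entropy_bits(Counter(states))


def markov_entropy_rate(states):
    """Plug-in estimate of the first-order entropy rate
    H(X_t | X_{t-1}) = sum_i pi_i * H(P[i, :]) from observed transitions."""
    transitions = defaultdict(Counter)
    for prev, nxt in zip(states, states[1:]):
        transitions[prev][nxt] += 1
    n_trans = len(states) - 1
    return sum(sum(row.values()) / n_trans * entropy_bits(row)
               for row in transitions.values())


def lag1_autocorr(series):
    """Sample lag-1 autocorrelation; strongly positive when the current
    rate depends on the previous interval's rate."""
    n = len(series)
    mean = sum(series) / n
    var = sum((x - mean) ** 2 for x in series)
    cov = sum((series[i] - mean) * (series[i + 1] - mean) for i in range(n - 1))
    return cov / var if var else 0.0


def dependency_ratio(series, n_bins=8):
    """H_rate / H_0, roughly in [0, 1]: near 1 means memoryless (no first-order
    dependency); well below 1 means strong first-order dependency."""
    states = quantize(series, n_bins)
    h0 = zero_order_entropy(states)
    return markov_entropy_rate(states) / h0 if h0 else 1.0


def is_abnormal(window, threshold=0.85, n_bins=8):
    """Flag a window whose samples look memoryless. The threshold is an
    assumed value; in practice it would be calibrated on known-good traffic."""
    return dependency_ratio(window, n_bins) >= threshold


def scan(series, window=500, threshold=0.85, n_bins=8):
    """Slide a non-overlapping window over the series and return
    (start_index, ratio, flagged) for each window."""
    return [(start,
             dependency_ratio(series[start:start + window], n_bins),
             is_abnormal(series[start:start + window], threshold, n_bins))
            for start in range(0, len(series) - window + 1, window)]


# Constructed sample data (synthetic, not real captures).
def synthetic_normal(n, seed=1, rho=0.9):
    """AR(1)-style load around 100 pkt/s: each second's rate depends on the previous one."""
    rng = random.Random(seed)
    x, out = 100.0, []
    for _ in range(n):
        x = 100.0 + rho * (x - 100.0) + rng.gauss(0.0, 10.0)
        out.append(x)
    return out


def synthetic_flood(n, seed=2):
    """Memoryless burst (e.g. a randomized flood): each second's rate is drawn
    independently of the previous one."""
    rng = random.Random(seed)
    return [rng.uniform(50.0, 500.0) for _ in range(n)]


if __name__ == "__main__":
    trace = synthetic_normal(2000) + synthetic_flood(2000)
    for start, ratio, flagged in scan(trace):
        print(f"t={start:5d}  H_rate/H_0={ratio:.2f}  {'ABNORMAL' if flagged else 'normal'}")
```

Two practical caveats: the plug-in estimator of the entropy rate is biased downward when the window is short relative to the number of transition cells (here 64), so the threshold must be calibrated on baseline windows of the same size and bin count rather than fixed a priori; and, as with any statistical detector, an adversary who rate-shapes traffic to mimic positive autocorrelation (for example a slow, smoothly ramped scan) can push the ratio back below the threshold, so this score is a complement to, not a replacement for, other detection logic.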

Info:

Periodical:

Advanced Materials Research (Volumes 846-847)

Pages:

1072-1075

Online since:

November 2013

Copyright:

© 2014 Trans Tech Publications Ltd. All Rights Reserved
