An aggregated statistical approach for network flood detection using Gamma-Normal mixture modeling

Authors: Sajjad Hosseinzadeh, Maryam Amirmazlaghani, Mehdi Shajari

DOI: 10.1016/J.COMCOM.2020.01.028

Keywords: Mixture modeling, Flood detection, Algorithm, Receiver operating characteristic, Computer science, Statistical model, Likelihood-ratio test, Crowds, Detector

Abstract: In this paper, we propose a fast statistical anomaly detector at the aggregated-level for two types of anomalies: floods and flash crowds. The performance of detectors is significantly dependent on the accuracy of modeling. Thus, we initially introduce a new efficient model for network traffic called Gamma Normal mixture (GNM). We study the compatibility of GNM using different tests. Consequently, we design a novel detector based on the generalized likelihood ratio test (GLRT) and GNM. Moreover, to more accurately determine the position of anomalies, overlapped sliding windows have been applied in the aggregation step. To evaluate the proposed detector, we use receiver operating characteristics (ROC). Experimental results under public traces confirm the high efficiency of the method. Also, comparison with its nearest competitor verifies higher lower computational load utilizing strategy.
