Title |
Baseline Profile Stability for Network Anomaly Detection |
DOI |
10.6633/IJNS.200801.6(1).08 |
Authors |
Yoo-Hwan Kim;Ju-Yeon Jo;Kyung-Hee Kim Suh |
Keywords |
Denial-of-Service Attack ; Internet traffic profile ; network security |
Journal |
International Journal of Network Security |
Volume, Issue / Publication Date |
Vol. 6, No. 1 (2008 / 01 / 01) |
Pages |
60 - 66 |
Content Language |
English |
English Abstract |
Network attacks are commonplace on the Internet. One of the defense mechanisms against network attacks is to use a baseline profile established during normal operation to detect traffic that deviates from the baseline profile. However, this approach works only if there is a stable base profile representing the legitimate network traffic. Although there has been some preliminary research, the details of profiling, such as the profile format, its size and the traffic stability by site or time, have not been widely available. In this study, we analyze actual traffic traces from two Internet traffic archives and verify the traffic stability from various aspects. The analysis shows that there are significant differences in the traffic patterns among different sites. In addition, there are some differences between different times of day or different days, even within a site, suggesting that different profiles are needed for different times. The result of this study can be applied in practice to anomaly-based IDS for determining the stability of the traffic for a particular site, and the number of required traffic profiles based on the traffic patterns. |
Subject Classification |
Basic and Applied Sciences >
Information Science |