Subscribe Now Subscribe Today
Science Alert
FOLLOW US:     Facebook     Twitter
Curve Top
Information Technology Journal
  Year: 2012 | Volume: 11 | Issue: 9 | Page No.: 1243-1250
DOI: 10.3923/itj.2012.1243.1250
Hierarchical Method for Anomaly Detection and Attack Identification in High-speed Network
Ruoyu Yan and Chao Shao

Traffic anomaly detection and attack identification are research focus in the network security community. In the paper, a hierarchical system framework is proposed to detect and identify traffic anomaly in high-speed network. At first, multiple basic detectors developed under authors’ previous research work are represented roughly. Then an alerts fusion method combining these basic detectors is used to improve on the anomaly detection ability. Experiments in real high-speed network demonstrate that the method has higher detection performance than basic detectors and majority voting method. To further identify attack type accurately, seven traffic features are used to characterize three types of attack (port scan, network scan and DoS attack) and traffic distribution change for each traffic feature is measured by cross entropy. Then Exponentially Weighted Moving Average (EWMA) control chart method based on cross entropy is proposed to classify attacks. The experimental results on traffic in backbone router have shown that the method has strong ability to detect and identify attacks.
 [Fulltext PDF]   [Fulltext HTML]   [XML: Abstract + References]   [References]   [View Citation]  [Report Citation]
  •    Using Renyi Cross Entropy to Analyze Traffic Matrix and Detect DDoS Attacks
  •    Hurst Parameter for Security Evaluation of LAN Traffic
How to cite this article:

Ruoyu Yan and Chao Shao, 2012. Hierarchical Method for Anomaly Detection and Attack Identification in High-speed Network. Information Technology Journal, 11: 1243-1250.

DOI: 10.3923/itj.2012.1243.1250






Curve Bottom