Network anomaly detection using autonomous system flow aggregates

Thienne Johnson, Loukas Lazos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

Detecting malicious traffic streams in modern computer networks is a challenging task due to the growing traffic volume that must be analyzed. Traditional anomaly detection systems based on packet inspection face a scalability problem in terms of computational and storage capacity. One solution to this scalability problem is to analyze traffic based on IP flow aggregates. However, IP aggregates can still result in prohibitively large datasets for networks with heavy traffic loads. In this paper, we investigate whether anomaly detection is still possible when traffic is aggregated at a coarser scale. We propose a volumetric analysis methodology that aggregates traffic at the Autonomous System (AS) level. We show that our methodology reduces the number of flows to be analyzed by several orders of magnitude compared with IP flow level analysis, while still detecting traffic anomalies.

Original language: English (US)
Title of host publication: 2014 IEEE Global Communications Conference, GLOBECOM 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 544-550
Number of pages: 7
ISBN (Print): 9781479935116
DOIs: 10.1109/GLOCOM.2014.7036864
State: Published - Feb 9 2014
Event: 2014 IEEE Global Communications Conference, GLOBECOM 2014 - Austin, United States
Duration: Dec 8 2014 – Dec 12 2014

Other

Other: 2014 IEEE Global Communications Conference, GLOBECOM 2014
Country: United States
City: Austin
Period: 12/8/14 – 12/12/14

Fingerprint

  • traffic
  • Scalability
  • Volumetric analysis
  • Computer networks
  • Inspection
  • traffic volume
  • methodology

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Communication

Cite this

Johnson, T., & Lazos, L. (2014). Network anomaly detection using autonomous system flow aggregates. In 2014 IEEE Global Communications Conference, GLOBECOM 2014 (pp. 544-550). [7036864] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/GLOCOM.2014.7036864

@inproceedings{490dbc284a264d5d92bbd255e3534015,
title = "Network anomaly detection using autonomous system flow aggregates",
author = "Thienne Johnson and Loukas Lazos",
year = "2014",
month = "2",
day = "9",
doi = "10.1109/GLOCOM.2014.7036864",
language = "English (US)",
isbn = "9781479935116",
pages = "544--550",
booktitle = "2014 IEEE Global Communications Conference, GLOBECOM 2014",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
}

TY - GEN

T1 - Network anomaly detection using autonomous system flow aggregates

AU - Johnson, Thienne

AU - Lazos, Loukas

PY - 2014/2/9

Y1 - 2014/2/9

UR - http://www.scopus.com/inward/record.url?scp=84949922915&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84949922915&partnerID=8YFLogxK

U2 - 10.1109/GLOCOM.2014.7036864

DO - 10.1109/GLOCOM.2014.7036864

M3 - Conference contribution

SN - 9781479935116

SP - 544

EP - 550

BT - 2014 IEEE Global Communications Conference, GLOBECOM 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -