http://dx.doi.org/10.13089/JKIISC.2004.14.4.111

Fast Detection Scheme for Broadband Network Using Traffic Analysis  

권기훈 (한국과학기술원)
한영구 (한국과학기술)
정석봉 (한국과학기술)
김세헌 (한국과학기술)
이수형 (한국전자통신연구)
나중찬 (한국전자통신연구원)
Abstract
With the rapid growth of the Internet, network intrusions have greatly increased and the damage from attacks has become more serious. Recently, some kinds of Internet attacks have caused significant damage to overall network performance. Current intrusion detection systems are not capable of performing real-time detection on the backbone network. In this paper, we propose a broadband network intrusion detection system using the exponential smoothing method. We conducted an experiment with real backbone traffic data for 8 days. The results show that our proposed system detects big jumps of traffic volume well.
Keywords
Traffic Analysis; Fast Detection; Broadband Network