Modelling network traffic to detect new anomalies using principal component analysis
Abstract
We introduce a novel real-time anomaly-based intrusion detection method that uses a multivariate statistical technique based on principal component analysis (PCA) to detect new anomalies. New attack forms appear every day, and most current intrusion detection systems are signature-based; as a result, these signature-based tools fail to detect new attacks. For this reason, the network traffic should first be modelled so that anomaly detection methods can be applied directly to the modelled traffic. Different characteristics of the network traffic are analysed packet by packet using PCA, and significant statistical measures are used to discover the difference between normal (legitimate) traffic and abnormal traffic (also called illegitimate traffic or attacks). An algorithm derived from these statistical measures is discussed, and results obtained over real-time traffic corresponding to different flooding DDoS attacks and to the Slammer worm, which infected more than 100,000 vulnerable servers in less than ten minutes, are presented.
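The abstract describes the general scheme (model baseline traffic with PCA, then flag traffic whose statistics depart from that model) without listing the paper's exact characteristics or statistical measures. The following is an added, self-contained example written for this page, not code from the paper or its authors. It assumes five per-window features (packet count, byte count, SYN fraction, UDP fraction, distinct destination hosts), a constructed synthetic baseline, and two standard PCA scores, Hotelling's T² and the squared prediction error (SPE), with control limits set from the largest baseline score plus a margin; all of these are assumptions made for illustration.

```python
import math
import random


def baseline_windows(n=200, seed=7):
    """Constructed 'normal' traffic: one feature vector per one-second window
    [packets, bytes, syn_fraction, udp_fraction, distinct_dst_hosts].
    Bytes track packets and the UDP share falls as the SYN share rises, so the
    features are correlated, which is the structure PCA captures."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        packets = rng.gauss(400, 40)
        byte_count = packets * rng.gauss(520, 30)
        syn = rng.gauss(0.10, 0.02)
        udp = 0.30 - 0.5 * (syn - 0.10) + rng.gauss(0, 0.03)
        hosts = rng.gauss(25, 4)
        rows.append([packets, byte_count, syn, udp, hosts])
    return rows


def _top_eigenvectors(matrix, k, iterations=500):
    """Power iteration with deflation: the k leading unit eigenvectors and
    eigenvalues of a small symmetric matrix (enough for a handful of features)."""
    d = len(matrix)
    a = [row[:] for row in matrix]
    vectors, values = [], []
    for _ in range(k):
        v = [1.0 / math.sqrt(d)] * d
        for _ in range(iterations):
            w = [sum(a[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w)) or 1.0
            v = [x / norm for x in w]
        lam = sum(v[i] * sum(a[i][j] * v[j] for j in range(d)) for i in range(d))
        vectors.append(v)
        values.append(lam)
        # Deflate so the next pass converges on the next-largest component.
        a = [[a[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return vectors, values


class PCAAnomalyModel:
    """Fit PCA on standardised baseline windows, then score new windows with
    Hotelling's T^2 (distance inside the principal subspace) and the squared
    prediction error, SPE (distance to that subspace)."""

    def __init__(self, rows, n_components=2, margin=1.2):
        n, d = len(rows), len(rows[0])
        self.mean = [sum(r[j] for r in rows) / n for j in range(d)]
        self.std = [max(math.sqrt(sum((r[j] - self.mean[j]) ** 2 for r in rows) / n), 1e-9)
                    for j in range(d)]
        z = [self.standardise(r) for r in rows]
        cov = [[sum(a[i] * a[j] for a in z) / n for j in range(d)] for i in range(d)]
        self.components, self.eigenvalues = _top_eigenvectors(cov, n_components)
        # Control limits: largest baseline score plus a margin (assumed rule of thumb;
        # a production system would use a percentile or an analytic control limit).
        baseline = [self.scores(r) for r in rows]
        self.t2_limit = margin * max(t2 for t2, _ in baseline)
        self.spe_limit = margin * max(spe for _, spe in baseline)

    def standardise(self, row):
        return [(row[j] - self.mean[j]) / self.std[j] for j in range(len(row))]

    def scores(self, row):
        z = self.standardise(row)
        d = len(z)
        coords = [sum(v[j] * z[j] for j in range(d)) for v in self.components]
        t2 = sum(c * c / max(lam, 1e-9) for c, lam in zip(coords, self.eigenvalues))
        recon = [sum(c * v[j] for c, v in zip(coords, self.components)) for j in range(d)]
        spe = sum((z[j] - recon[j]) ** 2 for j in range(d))
        return t2, spe

    def is_anomalous(self, row):
        t2, spe = self.scores(row)
        return t2 > self.t2_limit or spe > self.spe_limit


# Constructed test windows: one near the baseline mean, one shaped like a SYN
# flood (many tiny TCP SYNs), one shaped like a UDP worm scan (one packet to
# each of thousands of hosts). Values are illustrative, not measurements.
NORMAL_WINDOW = [400, 400 * 520, 0.10, 0.30, 25]
SYN_FLOOD_WINDOW = [20000, 20000 * 60, 0.97, 0.02, 3]
WORM_SCAN_WINDOW = [15000, 15000 * 400, 0.0, 0.99, 9000]


def build_model():
    return PCAAnomalyModel(baseline_windows())


if __name__ == "__main__":
    m = build_model()
    for name, w in [("normal", NORMAL_WINDOW), ("syn-flood", SYN_FLOOD_WINDOW),
                    ("worm-scan", WORM_SCAN_WINDOW)]:
        t2, spe = m.scores(w)
        print(f"{name:10s} T2={t2:10.1f} SPE={spe:10.1f} flagged={m.is_anomalous(w)}")
```

The two scores are complementary: T² grows when a window moves far along the directions normal traffic normally varies in (a busier-than-ever window), while SPE grows when a window breaks the correlations the baseline established (tiny packets with a very high SYN share, or far more destination hosts than the packet count would predict). Flagging on either limit is what lets a model trained only on legitimate traffic raise new, never-before-seen attacks, which is the property the abstract contrasts with signature-based detection.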
Source: Files produced by the author(s)