International Journal of the Society of Materials Engineering for Resources
Online ISSN : 1884-6629
Print ISSN : 1347-9725
ISSN-L : 1347-9725
ICMR2009 AKITA II Originals
Network Anomaly Detection Based on R/S Pox Diagram
Akinori TAKAHASHIRyuji IGARASHIHiroshi UEDAYukio IWAYATetsuo KINOSHITA
Author information
Keywords: Anomaly Detection, Hurst Parameter, Pox Diagram, DoS Attack
JOURNAL FREE ACCESS

2010 Volume 17 Issue 2 Pages 186-192

Details
Download PDF (1399K)
Download citation RIS

(compatible with EndNote, Reference Manager, ProCite, RefWorks)

BIB TEX

(compatible with BibDesk, LaTeX)

Text
How to download citation
Contact us
Abstract

A method is proposed in this paper to detect attack traffic or anomaly by utilizing an R/S analysis. Our study so far indicates that a LS(Level Shift) or a Cycle superimposed on a discrete time series provides a dispersion in the R/S pox diagram. The LS is well expressed by both HSup and HInf, the slope of the upper- and the lower-most plots group of the pox diagram. By utilizing them as the indices of the anomaly traffic, the validity of our proposal is tested at first by a Bernoulli trial simulation and then with the traffic data of "1999 DARPA Intrusion Detection Evaluation Data Set". Tested attacks are TCP SYN Flood, UDP Storm, and Smurf and our investigations showed that HInf may become a promising parameter for the detection of flooding attacks.

Content from these authors
© 2010 The Society of Materials Engineering for Resources of Japan
Previous article Next article
Favorites & Alerts

Recently viewed articles
Share this page
feedback
 Top