DSpace

King Saud University Repository >
King Saud University >
COLLEGES >
Science Colleges >
College of Engineering >
College of Engineering >

Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/12760

Title: Network Traffic Behavior Analysis by Decomposition into Control and Data Planes
Authors: Basil, AsSadhan
Hyong, Kim
José, M. F.
Moura
Xiaohui, Wang
Keywords: Network traffic analysis, cross-correlation function, abnormal behavior, anomaly detection, longrange dependence.
Issue Date: 2008
Citation: Proceedings of the 4th International Workshop on Security in Systems and Networks (SSN) in conjunction with IEEE IPDPS 2008, Miami, FL, USA, April 18, 2008.
Abstract: In this paper, we analyze network traffic behavior by decomposing header traffic into control and data planes to study the relationship between the two planes. By computing the cross-correlation between the control and data traffics, we observe a general 'similar' behavior between the two planes during normal behavior, and that this similarity is affected during abnormal behaviors. This allows us to focus on abnormal changes in network traffic behavior. We test our approach on the Network Intrusion Dataset provided by the Information Exploration Shootout (IES) project and the 1999 DARPA Intrusion detection Evaluation Dataset from the MIT Lincoln Lab. We find that TCP control and data traffic have high correlation levels during benign normal applications. This correlation is reduced when attacks that affect the aggregate traffic are present in the two datasets.
URI: http://hdl.handle.net/123456789/12760
Appears in Collections:College of Engineering

Files in This Item:

File Description SizeFormat
Eng-Ele-Basil AsSadha-4.doc36 kBMicrosoft WordView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

 

DSpace Software Copyright © 2002-2007 MIT and Hewlett-Packard - Feedback