https://scholars.lib.ntu.edu.tw/handle/123456789/413173
Title: | An effective anomaly traffic detection system via quadruple attributes for NTU campus network | Authors: | Li M.-W.; Day W.-Y.; Lin P.; Chen H.-H. |
Keywords: | Anomaly-based detection;Clustering;Network anomaly detection;P2P pattern detection | Publication date: | 2009 | Volume: | 10 | Issue: | 5 | Pages: | 497-504 | Source publication: | Journal of Internet Technology | Abstract: | The evolution of network attacks becomes unpredictable due to the prevalence of the Internet and the increase in network bandwidth. From our network logs, we can observe that many anomalies do not target a specific port and new anomalies are arising swiftly without specific signatures. Thus, the approaches of monitoring some specific ports and inspecting packet content for detection of anomaly signatures, adopted in our current campus network anomaly detection systems, are insufficient. This paper proposes a network anomaly diagnosis mechanism that is aimed at detecting suspicious host behaviors before the breakout of the attacks or anomalies. It employs four levels of attributes to describe the network traffic characteristics of the hosts. This mechanism successfully detects and separates anomaly traffic such as P2P applications, network attacks, and stealthy backdoors, which fail to be detected by current port-based traffic monitoring systems commonly deployed in campus networks. The proposed mechanism successfully complements the current campus-wide network anomaly detection systems. |
URI: | https://scholars.lib.ntu.edu.tw/handle/123456789/413173 | ISSN: | 16079264 | SDG/Keywords: | Backdoors; Campus network; Host behaviors; Network anomalies; Network anomaly detection; Network attack; Network bandwidth; Network traffic; P2P applications; Packet contents; Pattern detection; Traffic detection; Traffic monitoring systems; Computer crime; Telecommunication traffic; Peer to peer networks |
Appears in: | Department of Computer Science and Information Engineering |
Items in the IR system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.