research-article

Histogram-based traffic anomaly detection

Authors:

A. Kind,

M. P. Stoecklin,

X. DimitropoulosAuthors Info & Claims

IEEE Transactions on Network and Service Management, Volume 6, Issue 2

Pages 110 - 121

https://doi.org/10.1109/TNSM.2009.090604

Published: 01 June 2009 Publication History

Abstract

Identifying network anomalies is essential in enterprise and provider networks for diagnosing events, like attacks or failures, that severely impact performance, security, and Service Level Agreements (SLAs). Feature-based anomaly detection models (ab)normal network traffic behavior by analyzing different packet header features, like IP addresses and port numbers. In this work, we describe a new approach to feature-based anomaly detection that constructs histograms of different traffic features, models histogram patterns, and identifies deviations from the created models. We assess the strengths and weaknesses of many design options, like the utility of different features, the construction of feature histograms, the modeling and clustering algorithms, and the detection of deviations. Compared to previous feature-based anomaly detection approaches, our work differs by constructing detailed histogram models, rather than using coarse entropy-based distribution approximations. We evaluate histogram-based anomaly detection and compare it to previous approaches using collected network traffic traces. Our results demonstrate the effectiveness of our technique in identifying a wide range of anomalies. The assessed technical details are generic and, therefore, we expect that the derived insights will be useful for similar future research efforts.

Cited By

View all

Patra SSournac NTaieb SBaeza-Yates RBonchi F(2024)Detecting Abnormal Operations in Concentrated Solar Power Plants from Irregular Sequences of Thermal ImagesProceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining10.1145/3637528.3671623(5578-5589)Online publication date: 25-Aug-2024
https://dl.acm.org/doi/10.1145/3637528.3671623
Han DPan JPan RZhou DCao NHe JXu MChen W(2022)iNet: visual analysis of irregular transition in multivariate dynamic networksFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-020-0013-116:2Online publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1007/s11704-020-0013-1
Papadogiannaki EIoannidis S(2021)A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and CountermeasuresACM Computing Surveys10.1145/345790454:6(1-35)Online publication date: 13-Jul-2021
https://dl.acm.org/doi/10.1145/3457904
Show More Cited By

Histogram-based traffic anomaly detection
1. Networks
  1. Network services

Recommendations

Towards an immunity-based anomaly detection system for network traffic
KES'06: Proceedings of the 10th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part II

We have applied our previous immunity-based system to anomaly detection for network traffic, and confirmed that our system outperformed the single-profile method. For internal masquerader detection, the missed alarm rate was 11.21% with no false alarms. ...
Traffic dispersion graph based anomaly detection
SoICT '11: Proceedings of the 2nd Symposium on Information and Communication Technology

Detecting and diagnosing anomalous traffic are important aspects of managing IP networks. In this paper, we propose a novel approach to detect anomalous network traffic based on graph theory concepts such as degree distribution, maximum degree and dK-2 ...
Network Anomaly Detection Based on Traffic Prediction
SCALCOM-EMBEDDEDCOM '09: Proceedings of the 2009 International Conference on Scalable Computing and Communications; Eighth International Conference on Embedded Computing

As the development of Internet, it is more and more difficult to detect anomaly promptly and precisely. In this paper, we proposed an anomaly detection algorithm based on the predicting of multi-level wavelet detail signals synchronously. Firstly, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Network and Service Management

IEEE Transactions on Network and Service Management Volume 6, Issue 2

June 2009

73 pages

ISSN:1932-4537

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 June 2009

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Patra SSournac NTaieb SBaeza-Yates RBonchi F(2024)Detecting Abnormal Operations in Concentrated Solar Power Plants from Irregular Sequences of Thermal ImagesProceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining10.1145/3637528.3671623(5578-5589)Online publication date: 25-Aug-2024
https://dl.acm.org/doi/10.1145/3637528.3671623
Han DPan JPan RZhou DCao NHe JXu MChen W(2022)iNet: visual analysis of irregular transition in multivariate dynamic networksFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-020-0013-116:2Online publication date: 1-Apr-2022
https://dl.acm.org/doi/10.1007/s11704-020-0013-1
Papadogiannaki EIoannidis S(2021)A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and CountermeasuresACM Computing Surveys10.1145/345790454:6(1-35)Online publication date: 13-Jul-2021
https://dl.acm.org/doi/10.1145/3457904
Ji SJeong BJeong D(2021)Evaluating visualization approaches to detect abnormal activities in network traffic dataInternational Journal of Information Security10.1007/s10207-020-00504-920:3(331-345)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1007/s10207-020-00504-9
Protopsaltis ASarigiannidis PMargounakis DLytos AVolkamer MWressnegger C(2020)Data visualization in internet of thingsProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3409228(1-11)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3409228
Li QLin HWei XHuang YFan LDu JMa XChen TBernhaupt RMueller FVerweij DAndres JMcGrenere JCockburn AAvellino IGoguey ABjørn PZhao SSamson BKocielnik R(2020)MaraVis: Representation and Coordinated Intervention of Medical Encounters in Urban MarathonProceedings of the 2020 CHI Conference on Human Factors in Computing Systems10.1145/3313831.3376281(1-12)Online publication date: 21-Apr-2020
https://dl.acm.org/doi/10.1145/3313831.3376281
Wang MZhai XHu HHu G(2020)Traffic-Behavioral Anomaly Detection of Endhosts Based on Community DiscoveryArtificial Intelligence and Security10.1007/978-3-030-57884-8_66(751-762)Online publication date: 17-Jul-2020
https://dl.acm.org/doi/10.1007/978-3-030-57884-8_66
Zheng TSong LLiang HGuo BGuo L(2019)Online Anomaly Detection of Streaming Data for Space Payloads Based on Improved GNG AlgorithmProceedings of the 2019 4th International Conference on Multimedia Systems and Signal Processing10.1145/3330393.3330412(36-41)Online publication date: 10-May-2019
https://dl.acm.org/doi/10.1145/3330393.3330412
Sătmărean POprişa C(2019)Web Servers Protection Using Anomaly Detection for HTTP RequestsComputer Security10.1007/978-3-030-42051-2_6(77-90)Online publication date: 26-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-42051-2_6
Arzani BCiraci SChamon LZhu YLiu HPadhye JLoo BOuthred GSeshan SBanerjee S(2018)007Proceedings of the 15th USENIX Conference on Networked Systems Design and Implementation10.5555/3307441.3307478(419-435)Online publication date: 9-Apr-2018
https://dl.acm.org/doi/10.5555/3307441.3307478
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Towards an immunity-based anomaly detection system for network traffic

Traffic dispersion graph based anomaly detection

Network Anomaly Detection Based on Traffic Prediction

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations