Network traffic characterization based on Time Series Analysis and Computational Intelligence

doi: 10.6062/jcis.2011.02.03.0046

Authors

Adriana C. Ferrari Santos, Jose Demisio Simões da Silva, Lília da Sá Silva and Milnea Prado da Costa Senne

Abstract

This paper presents an approach to computer network traffic characterization using Time Series Analysis and Computational Intelligence techniques. HTTP network traffic datasets, grouped into different periods of the day, were analyzed with Kurtosis, DFA and SOM-based clustering algorithms. Calculating DFA and Kurtosis for each attribute value of the network sessions mapped a range of Kurtosis and DFA values regarded as the standard for the network. Any traffic session whose attribute values, when evaluated with Kurtosis and DFA, yield results within the mapped range is considered “normal” for that day and period. Satisfactory results were also obtained in characterizing the network traffic pattern by applying a clustering technique, with rates of diversion and similarity of 10% and 70% respectively. The results show that, depending on the datasets observed at a certain time of day, the clusters may vary within a range of values, thus representing the traffic pattern behavior of the monitored network in a specific period of the day and day of the week.

Keywords

computational mathematics, network traffic analysis, network security, time series analysis, computational intelligence application, data mining.
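
The range-mapping step the abstract describes can be sketched as follows. This is an added example, not the authors' code: the window length, the DFA box sizes, the min/max rule used for the "mapped range" and the sample data are all assumptions made for illustration.

```python
import math, random

def kurtosis(xs):
    """Excess kurtosis (fourth standardized moment minus 3)."""
    n, mu = len(xs), sum(xs) / len(xs)
    m2 = sum((x - mu) ** 2 for x in xs) / n
    m4 = sum((x - mu) ** 4 for x in xs) / n
    return m4 / (m2 * m2) - 3.0

def _line_fit(xs, ys):
    """Least-squares slope and intercept."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    return slope, my - slope * mx

def dfa_alpha(xs, scales=(4, 8, 16, 32)):
    """First-order DFA: slope of log F(n) against log n."""
    mu, acc, profile = sum(xs) / len(xs), 0.0, []
    for x in xs:                      # integrate the mean-centred series
        acc += x - mu
        profile.append(acc)
    log_n, log_f = [], []
    for n in scales:                  # assumed box sizes
        sq, used = 0.0, 0
        for start in range(0, len(profile) - n + 1, n):
            seg, t = profile[start:start + n], range(n)
            a, b = _line_fit(t, seg)  # local linear trend of this box
            sq += sum((y - (a * i + b)) ** 2 for i, y in zip(t, seg))
            used += n
        log_n.append(math.log(n))
        log_f.append(math.log(math.sqrt(sq / used)))
    return _line_fit(log_n, log_f)[0]

def baseline(windows, stats=(kurtosis, dfa_alpha)):
    """Per-statistic (min, max) over windows from one day/period (assumed rule)."""
    return [(s, min(map(s, windows)), max(map(s, windows))) for s in stats]

def is_normal(window, ranges):
    return all(lo <= s(window) <= hi for s, lo, hi in ranges)

def demo(seed=7):
    # Constructed data: bytes-per-session series, not taken from the paper.
    rng = random.Random(seed)
    wins = [[rng.gauss(500, 50) for _ in range(128)] for _ in range(20)]
    burst = wins[0][:60] + [50000.0] + wins[0][61:]  # one outsized session
    ranges = baseline(wins)
    return is_normal(wins[3], ranges), is_normal(burst, ranges)

print(demo())
```

A baseline built this way is only valid for the day and period its windows came from, so a separate set of ranges is kept per period.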

