Published by Knobook Pub
doi: 10.6062/jcis.2011.02.03.0046
Adriana C. Ferrari Santos, Jose Demisio Simões da Silva, Lília da Sá Silva and Milnea Prado da Costa Senne
This paper presents an approach to computer network traffic characterization using Time Series Analysis and Computational Intelligence techniques. HTTP network traffic datasets grouped into different periods of the day were analyzed with Kurtosis, DFA and SOM-based clustering algorithms. Calculating DFA and Kurtosis for the values of each network session attribute mapped a range of kurtosis and DFA values regarded as the standard for the network. Any traffic session whose attribute values, when evaluated with Kurtosis and DFA, yield results within the mapped range is considered “normal” for that day and period. Satisfactory results were also obtained in characterizing the network traffic pattern by applying the clustering technique, with rates of diversion and similarity of 10% and 70% respectively. The results show that, depending on the datasets observed at a certain time of day, the clusters may vary within a range of values, thus representing the traffic pattern behavior of the monitored network in a specific period of the day and day of the week.
computational mathematics, network traffic analysis, network security, time series analysis, computational intelligence application, data mining.
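The range check described in the abstract, as an added example that is not the authors' code: it computes kurtosis and a DFA exponent for one session attribute, maps the range seen in baseline series for a period, and tests whether a new series falls inside it. Assumptions: Pearson kurtosis, standard first-order DFA, a min/max range, and constructed bytes-per-session data; the paper's exact procedure and all function names here are hypothetical.

```python
import math, random
from itertools import accumulate

def kurtosis(x):
    """Pearson kurtosis m4 / m2^2 (about 3.0 for Gaussian data)."""
    n = len(x); mu = sum(x) / n
    m2 = sum((v - mu) ** 2 for v in x) / n
    m4 = sum((v - mu) ** 4 for v in x) / n
    return m4 / (m2 * m2)

def _fit(xs, ys):
    """Least-squares line through (xs, ys): returns (slope, intercept)."""
    n = len(xs); mx = sum(xs) / n; my = sum(ys) / n
    b = sum((a - mx) * (c - my) for a, c in zip(xs, ys)) / sum((a - mx) ** 2 for a in xs)
    return b, my - b * mx

def dfa_alpha(x, scales=(8, 16, 32, 64, 128)):
    """First-order DFA exponent: slope of log F(n) against log n."""
    mu = sum(x) / len(x)
    profile = list(accumulate(v - mu for v in x))   # integrated, mean-removed series
    log_n, log_f = [], []
    for n in scales:
        t, sq, windows = list(range(n)), 0.0, len(profile) // n
        for w in range(windows):
            seg = profile[w * n:(w + 1) * n]
            b, a = _fit(t, seg)                     # local linear trend of this window
            sq += sum((y - (a + b * i)) ** 2 for i, y in zip(t, seg))
        log_n.append(math.log(n))
        log_f.append(math.log(math.sqrt(sq / (windows * n))))
    return _fit(log_n, log_f)[0]

def profile_range(baseline):
    """(min, max) of kurtosis and of DFA alpha over baseline series of one period."""
    ks = [kurtosis(s) for s in baseline]
    al = [dfa_alpha(s) for s in baseline]
    return (min(ks), max(ks)), (min(al), max(al))

def is_normal(series, ranges):
    """True when both statistics fall inside the mapped baseline range."""
    (k0, k1), (a0, a1) = ranges
    return k0 <= kurtosis(series) <= k1 and a0 <= dfa_alpha(series) <= a1

def make_series(seed, n=1024, drift=False):
    """Constructed sample data: bytes per session; drift=True gives a random walk."""
    rng = random.Random(seed)
    steps = [rng.gauss(0, 50) for _ in range(n)]
    return [500 + s for s in (accumulate(steps) if drift else steps)]
```

A min/max range is the simplest reading of "range mapped"; on real traffic a tolerance margin or percentile bounds per period would reduce false alarms from sessions that sit just outside the baseline extremes.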