Network anomaly detection using a cross‐correlation‐based long‐range dependence analysis

journal contribution
posted on 24.06.2020, 13:10 by Basil AsSadhan, Abraham Alzoghaiby, Hamad Binsalleeh, Kostas Kyriakopoulos, Sangarapillai Lambotharan
The detection of anomalies in network traffic is an important task in today’s Internet. Among various anomaly detection methods, the techniques based on examination of the long-range dependence (LRD) behavior of network traffic stand out as powerful. In this paper, we reveal anomalies in aggregated network traffic by examining the LRD behavior based on the cross-correlation function of the bidirectional control and data plane traffic. Specifically, observing that the conventional cross-correlation function has a low measure of dissimilarity between the two planes, which leads to reduced anomaly detection performance, we propose a modification of the cross-correlation function to mitigate this issue. The performance of the proposed method is analyzed using relatively recent Internet traffic captured at King Saud University. The results demonstrate that the modified cross-correlation function is able to detect low-volume and short-duration attacks. It also compensates for some misdetections exhibited when using the autocorrelation structures of the bidirectional traffic of the control, data, and WHOLE (combined control and data) planes.

Funding

Gulf Science, Innovation, and Knowledge Economy Programme of the U.K. Government under UK-Gulf Institutional Link Grant IL 279339985.

Research Center at the College of Engineering, King Saud University.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Published in

International Journal of Network Management

Volume

30

Issue

6

Publisher

Wiley

Version

AM (Accepted Manuscript)

Rights holder

© John Wiley & Sons, Ltd

Publisher statement

This is the peer reviewed version of the following article: ASSADHAN, B. … et al, 2020. Network anomaly detection using a cross‐correlation‐based long‐range dependence analysis. International Journal of Network Management, 30 (6), e2129, which has been published in final form at https://doi.org/10.1002/nem.2129. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Use of Self-Archived Versions.

Acceptance date

10/06/2020

Publication date

2020-07-30

Copyright date

2020

ISSN

1055-7148

eISSN

1099-1190

Language

en

Depositor

Dr Kostas Kyriakopoulos. Deposit date: 23 June 2020

Article number

e2129