Journal
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 14, Issue 6, Pages 1471-1484Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2018.2879616
Keywords
Traffic classification; anomaly detection; fingerprinting traffic applications; nonparametric clustering; DDoS attack detection
Funding
- ITRC [IITP-2018-2015-0-00403]
- MSIT [2016-0-00078]
Ask authors/readers for more resources
Because of the dynamic nature of network traffic patterns, such as new traffic application arrivals or flash events, it is becoming increasingly difficult for conventional anomaly detection systems to separate various applications based on their traffic patterns. In this paper, by leveraging transport layer packet-level and flow-level features, new structures called application fingerprints are generated, which express such features in a compact and efficient manner. Based on the generated fingerprints, we propose a novel traffic classification framework. The proposed system generates profiles of normal applications using a multi-modal probability distribution. The proposed classification framework is then extended to detect distributed denial of service attacks from the collected statistical information at flow level. To demonstrate the feasibility of the proposed system, we evaluate its performance using five real-world traffic datasets. The experiment results show that the proposed method is capable of achieving an accuracy of over 97%, whereas the misclassification rate is only 2.5%.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available