Dynamic Modeling of Internet Traffic for Intrusion Detection

Latest revision as of 17:49, 3 February 2021

Abstract

/>

Computer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the specific objective of detecting UDP flooding attacks. NS simulation of HTTP, FTP, and CBR traffic shows that flooding attacks are accompanied by a change of mutual information, either at the link being flooded or at another upstream or downstream link. This observation appears to be topology independent, as the technique is demonstrated on the so-called parking-lot topology, random 50-node topology, and 100-node transit-stub topology. This technique is also employed to detect UDP flooding with low false alarm rate on a backbone link. These results indicate that a change in mutual information provides a useful detection criterion when no other signature of the attack is available.

Original document

The different versions of the original document can be found in:

http://dx.doi.org/10.1155/2007/90312

http://www.eecis.udel.edu/~bohacek/Papers/90312.pdf

https://asp-eurasipjournals.springeropen.com/track/pdf/10.1155/2007/90312 under the license cc-by

http://asp.eurasipjournals.com/content/2007/090312,

https://doaj.org/toc/1687-6172,

https://doaj.org/toc/1687-6180

http://dx.doi.org/10.1155/2007/90312,

https://doaj.org/toc/1687-6172,

https://doaj.org/toc/1687-6180

http://link.springer.com/content/pdf/10.1155/2007/90312.pdf,

http://dx.doi.org/10.1155/2007/90312

http://www.eecis.udel.edu/~bohacek/Papers/90312.pdf,

https://academic.microsoft.com/#/detail/2104774115

http://xplorestaging.ieee.org/ielx5/7965/22014/01024008.pdf?arnumber=1024008,

http://dx.doi.org/10.1109/acc.2002.1024008

https://dblp.uni-trier.de/db/journals/ejasp/ejasp2007.html#ShahJB07,

https://link.springer.com/article/10.1155/2007/90312,

https://core.ac.uk/display/81722736,

https://asp-eurasipjournals.springeropen.com/track/pdf/10.1155/2007/90312,

http://www.asp.eurasipjournals.com/content/pdf/1687-6180-2007-090312.pdf,

https://paperity.org/p/75304561/dynamic-modeling-of-internet-traffic-for-intrusion-detection,

https://asp-eurasipjournals.springeropen.com/articles/10.1155/2007/90312,

http://www.asp.eurasipjournals.com/content/2007/1/090312,

http://asp.eurasipjournals.springeropen.com/track/pdf/10.1155/2007/90312?site=asp.eurasipjournals.springeropen.com,

https://academic.microsoft.com/#/detail/2022314806

DOIS: 10.1155/2007/90312 10.1109/acc.2002.1024008

Latest revision as of 17:49, 3 February 2021

Abstract

Original document

Document information

Document Score

Share this document

Keywords

claim authorship

Revision as of 17:49, 3 February 2021 (view source) Scipediacontent (talk \| contribs) (Created page with " == Abstract == /> <p>Computer network traffic is analyzed via mutual information techniques, implemented using linear and nonlinear canonical correlation analyses, with the...")	Latest revision as of 17:49, 3 February 2021 (view source) Scipediacontent (talk \| contribs) m (Scipediacontent moved page Draft Content 960619238 to Shah et al 2006a)
(No difference)