Model order selection and eigen similarity based framework for detection and identification of network attacks

Vieira TP, Tenório DF, da Costa JPC, de Freitas EP, Galdo GD, de Sousa Júnior RT (2017)


Publication Type: Journal article

Publication year: 2017

Journal: Journal of Network and Computer Applications

Book Volume: 90

Pages Range: 26-41

DOI: 10.1016/j.jnca.2017.04.012

Abstract

Novel schemes for attack detection are crucial to identify adaptive malicious traffic coming from sources that are quickly mobilized by attackers in high throughput communication networks. In this context, signal processing techniques have been applied to attack detection due to their capability to detect anomalies that are previously unknown, i.e. blind detection. This paper proposes a signal processing framework for the detection and identification of network attacks using concepts of model order selection (MOS), eigenvalues and similarity analysis. In order to validate the proposed framework, we consider network traffic datasets that contain malicious activity such as flood and port probing attacks. We propose to model the network traffic as a superposition of components, namely, user's operations (legitimate traffic), network service operation not related to the user (noise) and the malicious activity. The experiments performed in a real network and also using the DARPA 1998 public dataset show that the proposed blind detection approach achieves satisfactory levels of accuracy in terms of timely detection and identification of TCP/UDP ports under attack.


How to cite

APA:

Vieira, T.P., Tenório, D.F., da Costa, J.P.C., de Freitas, E.P., Galdo, G.D., & de Sousa Júnior, R.T. (2017). Model order selection and eigen similarity based framework for detection and identification of network attacks. Journal of Network and Computer Applications, 90, 26-41. https://doi.org/10.1016/j.jnca.2017.04.012

MLA:

Vieira, Thiago P.B., et al. "Model order selection and eigen similarity based framework for detection and identification of network attacks." Journal of Network and Computer Applications 90 (2017): 26-41.
