An Anomaly Detection and Analysis Method for Network Traffic Based on Correlation Coefficient Matrix

Bibliographic Details
Main Authors: Ning Chen, Xiao-Su Chen, Bing Xiong, Hong-Wei Lu
Format: Conference Proceeding
Language: English
Description
Summary: Based on TCP protocol, this paper aims at TCP flows, discusses the effects of multivariate correlation analysis on network traffic, obtains the quantitative relationship between different types of TCP packets in each time unit by correlation coefficient matrix, and finally proposes an anomaly detection and analysis method based on the correlation coefficient matrix. The experimental results show that our method can efficiently distinguish normal and abnormal traffic, and accurately detect and classify various anomaly behaviors (such as network scanning and DDoS attacks) in network traffic. The linear complexity of our method makes real-time detection and analysis practical.
DOI: 10.1109/EmbeddedCom-ScalCom.2009.50