Visualizing Network Traffic as Images for Network Anomaly Detection

Samabia Tehsin, and Dr. Shoab Ahmed Khan, and Naveed Sarfraz Khattak, (2007) Visualizing Network Traffic as Images for Network Anomaly Detection. In: Research Excellence and Knowledge Enrichment in ICT: Proceeding of the 2nd International Conference on Informatics, 27th - 28th November 2007, Petaling Jaya, Selangor, Malaysia.

Full text not available from this repository.

Affiliations

National University of Science & Technology, Military College of Signals, Computer Science Dept.
National University of Science & Technology, College of Electrical & Mechanical Engineering, Computer Engineering Dept.

Abstract

This paper presents a novel methodology to visualize network traffic. In this paper, a method of transforming network packet header data to an image is proposed. A methodology to detect anomalies from these images is also projected. This method can be used for real-time anomaly detection and intrusion detection. Images can be processed in a number of ways to extract information from them. This formulation enables techniques from image processing to be applied to the analysis of packet header data to reveal interesting properties of traffic. Network anomaly detection systems can also take help from these processes. This method can detect anomalies in an efficient manner and can be used as the basis of a number of new anomaly detection methods. Analysis of the results of intrusion detection is also presented. This methodology is evaluated using the MIT Lincoln Laboratory 1999 DARPA Off-Line Intrusion Detection Evaluation dataset. Our focus here is to develop an innovative technique for network packet header visualization that will highlight the features of the network data most vulnerable to intrusions. Our approach is compared against the ALAD and PHAD techniques, and results are reported.

Item Type: Conference or Workshop Item (Paper)
Keywords: Intrusion detection, network traffic visualization, denial of service, probes.
Subjects: Q Science; T Technology
ID Code: 1519
