A flow-based method for abnormal network traffic detection

IEEE Symposium Record on Network Operations and Management Symposium

Volumn , Issue , 2004, Pages 599-612

  Kim, Myung Sup ^a   Kong, Hun Jeong ^a   Hong, Seong Cheol ^a   Chung, Seung Hwa ^a   Hong, James W ^a  

^a Pohang University of Science and Technology (POSTECH)   (South Korea)

Author keywords

Abnormal Network Traffic Detection; Network Security Attack; Traffic Monitoring and Analysis

Indexed keywords

ABNORMAL NETWORK TRAFFIC DETECTION; NETWORK SECURITY ANALYSIS; NETWORK TRAFFIC DETECTION; TRAFFIC MONITORING AND ANALYSIS;

ALGORITHMS; BANDWIDTH; DATA PROCESSING; DEMODULATION; PACKET NETWORKS; SECURITY OF DATA; SOFTWARE PROTOTYPING; TELECOMMUNICATION TRAFFIC;

COMPUTER NETWORKS;

EID: 4544268957     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. CNN, Immense network assault takes down yahoo, February 2000, http://www.cnn.com/2000/TECH/computing/02/08/yahoo.assault.idg/index.ht ml.
2. CNN, Cyber-attacks batter web heavyweights, February 2000, http://www.cnn.com/2000/TECH/computing/02/09/cyber.attacks.01/.
3. Drew Dean, Matt Franklin, and Adam Stubblefield, "An algebraic approach to ip traceback," Proc. of Network and Distributed System Security Symposium, NDSS '01, San Diego, California, February 2001.
4. L. John Ioannidis and Steven M. Bellovin, "Implementing pushback: Router-based defense against DDoS attacks," Proc. of Network and Distributed System Security Symposium, NDSS '02, San Diego, California. February 2002.
5. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, "Practical network support for IP traceback," Proc. of the 2000 ACM SIGCOMM, Stockholm, Sweden, August 2000.
6. Kun-chan Lan, Alefiya Hussain, and Debojyoti Dutta, "Effect of Malicious Traffic on the Network," Proc. of PAM 2003, San Diego, California, April 2003.
7. Se-Hee Han, Myung-Sup Kim, Hong-Taek Ju, and James W. Hong, "The Architecture of NG-MON: A Passive Network Monitoring System," Lecture Notes in Computer Science 2506, 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2002), Montreal, Canada, October 2002, pp. 16-27.
8. Siegfried Lifler, "Using Flows for Analysis and Measurement of Internet Traffic," Diploma Thesis, Istitute of Communication Network and Computer Engineering, University of Stuttgart, Germany, 1997.
9. Cisco, White Papers, "NetFlow Services and Applications," http://www.cisco.com/warp/public/cc/pd/iosw/ioft/neflct/tech/napps_wp.htm.
10. Fyodor, "The Art of Port Scanning," http://www.insecure.org/ nmap/nmap_doc.html.
11. D. Moore, G. M. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," Proc. of USENIX Security Symposium, Washington D.C, Aug 2001.
12. Common Vulnerabilities and Exposures (CVE), "Ping-of-Death (CVE-1999-0128),"http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-1999-0128.
13. Common Vulnerabilities and Exposures (CVE), "Land (CVE-1999-0016)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0016.
14. Common Vulnerabilities and Exposures (CVE), "SYN flood (CVE-1999-0116)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0116.
15. Common Vulnerabilities and Exposures (CVE), "Smurf (CVE-1999-0513)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0513.
16. Common Vulnerabilities and Exposures (CVE), "UDP packet storm (CVE-1999-0103)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0103.
17. Common Vulnerabilities and Exposures (CVE), "Fraggle (CVE-1999-0514)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0514.
18. Common Vulnerabilities and Exposures (CVE), "HTTP request flood (CVE-1999-0867)," http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE- 1999-0867.
19. M. Roesch, "Snort - lightweight intrusion detection for networks," http://www.snort.org.
20. Rudolf B. Blazek, Hongjoong Kim, Boris Rozovskii, and Alexander Tartakovsky, "A novel approach to detection of denial-of-service attacks via adaptive sequential and batch sequential change-point detection methods," Pro. of IEEE Systems, Man and Cybernetics Information Assurance Workshop, New York, June 2001.
21. David K. Y. Yau, John C. S. Lui, and Feng Lian, "Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles," Proc. of IEEE International Workshop on Quality of Service (IWQoS), Miami Beach, Florida, May 2002.
22. Tao Peng, Christopher Leckie, and Kotagiri Ramamohanarao, "Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring," http://www.ee.mu.oz.au/pgrad/taop/research/detection.pdf.
23. eDonkey, http://www.edonkey2000.com/.
24. rd Electrical Engineering Conference (EECON-23), Chiangmai, Thailand, November 2000.
25. Welchia Internet Worm, http://securityresponse.symantec.com/avcenter/ venc/data/w32.welchia.worm.html.