09-06-2010, 10:08 PM
Statistical Techniques for Detecting Traffic Anomalies Through Packet Header Data
This project aims at creating a technique for traffic anomaly detection based on analyzing the correlation of destination IP addresses in outgoing traffic at an egress router. The inspiration for this project is to prevent an attacker from hijacking the campus machines to stage an attack on a third party. The packet header data of outgoing traffic, such as destination addresses, port numbers and the number of flows, is scanned to accomplish this, in order to detect attacks/anomalies originating from the campus at the edge of the campus. Traffic monitoring close to the source may enable the network operator to identify potential anomalies more quickly, and early detection of an attack can reduce its propagation or slow it down.
In this approach, the network traffic is passively monitored at regular intervals and is analyzed to find any abnormalities in the aggregated traffic. By correlating it with previous states of traffic, it can be determined whether the current traffic is behaving in a similar (i.e., correlated) manner. Through this, flash crowds, router failures, DoS attacks, bandwidth attacks, etc. can be detected.
For full details, refer to this doc:
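The interval-to-interval correlation check described above, as an added example that is not part of the original post or the project's code. It builds a destination-IP histogram per monitoring interval from constructed packet-header records, computes the Pearson correlation between consecutive intervals, and flags an interval whose correlation with its predecessor drops below an assumed threshold; the addresses, ports and threshold are all constructed for illustration.

```python
"""Added example (not from the original post): correlate per-interval
destination-IP histograms of outgoing traffic at an egress point and flag
intervals that no longer correlate with the previous one."""
from collections import Counter
from math import sqrt

# Constructed packet-header records: (interval, dst_ip, dst_port).
# Intervals 0 and 1 are ordinary campus traffic; interval 2 adds a burst of
# flows from campus hosts toward a single third-party address.
PACKETS = (
    [(0, "198.51.100.10", 443)] * 5 + [(0, "198.51.100.20", 80)] * 3 + [(0, "198.51.100.30", 53)] * 2
    + [(1, "198.51.100.10", 443)] * 5 + [(1, "198.51.100.20", 80)] * 3 + [(1, "198.51.100.30", 53)] * 2
    + [(2, "198.51.100.10", 443)] + [(2, "198.51.100.20", 80)]
    + [(2, "203.0.113.7", port) for port in range(1000, 1040)]
)

def dst_histogram(packets, interval):
    """Packets per destination IP within one monitoring interval."""
    return Counter(ip for t, ip, _ in packets if t == interval)

def flow_count(packets, interval):
    """Number of distinct (dst_ip, dst_port) flows in the interval."""
    return len({(ip, port) for t, ip, port in packets if t == interval})

def correlation(prev, cur):
    """Pearson correlation of two histograms over the union of destinations.
    Returns 0.0 when either side has no variance (correlation is undefined)."""
    keys = sorted(set(prev) | set(cur))
    a = [prev.get(k, 0) for k in keys]
    b = [cur.get(k, 0) for k in keys]
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0

def detect(packets, threshold=0.5):
    """Compare each interval with its predecessor; a correlation below the
    (assumed) threshold is reported as (interval, correlation, flow count)."""
    intervals = sorted({t for t, _, _ in packets})
    anomalies = []
    for prev_t, cur_t in zip(intervals, intervals[1:]):
        r = correlation(dst_histogram(packets, prev_t), dst_histogram(packets, cur_t))
        if r < threshold:
            anomalies.append((cur_t, round(r, 3), flow_count(packets, cur_t)))
    return anomalies

if __name__ == "__main__":
    print(detect(PACKETS))  # [(2, -0.79, 42)]
```

The flow count is reported alongside the correlation because a jump in distinct flows to one destination is the second header-level signal the post mentions.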
[attachment=3762]