Modeling Traffic Flow Using Conversation Exchange Dynamics for Identifying Network Attacks (original) (raw)

Abstract

We present a novel approach to identifying anomalous network events Specifically, a method for characterizing and displaying the flow of conversations across a distributed system with a high number of interacting entities is discussed and analyzed. Results from from attacks contained in the DARPA Lincoln Lab IDS test data and from operational network traffic are presented. These results suggest that our approach presents a unique perspective on anomalies in computer network traffic.

Preview

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

1. Axelsson, S.: Intrusion detection systems: A survey and taxonomy. Chalmers University Technical Report 99-15 (March 2000)
   Google Scholar
2. Burgess, M.: Thermal, nonequilibrium phase space for networked computers. The American Physical Society G2(2), 1738–1742 (2000)
   Google Scholar
3. Evans, S.C., Barnett, B.: Network security through conservation of complexity. In: Proceedings of IEEE Military Comms. Conf (MILCOM 2002), Los Angeles , pp. 1133–1138 (October 2002)
   Google Scholar
4. Donald, S.D., McMillen, R.V., Ford, D.A., McEachen, J.C.: Therminator 2: A realtime system for patternless intrusion detection. In: Proc. of the IEEE Military Comms. Conf (MILCOM 2002), Los Angeles, pp. 1498–1502 (October 2002)
   Google Scholar
5. Crovella, M., Bestavros, A.: Self-Similarity in world-wide web traffic: Evidence and possible causes. In: Proc. ACM Sigmetrics Conf. on Meas. And Mod. Of Comp. Sys. (May 1996)
   Google Scholar
6. Arlitt, M., Jin, T.: A workload characterization study of the 1998 world cup web site. IEEE Network (May/June 2000)
   Google Scholar
7. Massachusetts Institute Of Technology, Lincoln Laboratory, DARPA Intrusion Detection Evaluation ,September 14 (2003), http://www.ll.mit.edu/IST/ideval/index.html

Download references

Author information

Authors and Affiliations

1. Department of Computer Science and Engineering, University of South Carolina, Columbia, SC, USA
   Sudhamsu Mylavarapu
2. Department of Electrical and Computer Engineering, Naval Postgraduate School, Monterey, CA, USA
   John C. McEachen, Stefan L. Walch & John S. Marinovich
3. Innovative Emergency Management, Inc, Baton Rouge, LA, USA
   John M. Zachary

Authors

1. Sudhamsu Mylavarapu
2. John C. McEachen
3. John M. Zachary
4. Stefan L. Walch
5. John S. Marinovich

Editor information

Editors and Affiliations

1. Department of Computer Science, University of Beira Interior, Rua Marques d’Avila e Bolama, 6201-001, Covilha, Portugal
   Mário Marques Freire
2. France Telecom, Research and Development, CORE/SPP, 37-40 rue du Général Leclerc, 92794, Issy-les-Moulineaux Cedex 9, France
   Prosper Chemouil
3. IUT, University of Haute Alsace, 34, rue du Grillenbreit, 68008, Colmar, France
   Pascal Lorenz
4. Département Informatique, ENST-Bretagne, CS 83818, 29238, Brest Cedex 3, France
   Annie Gravey

Rights and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mylavarapu, S., McEachen, J.C., Zachary, J.M., Walch, S.L., Marinovich, J.S. (2004). Modeling Traffic Flow Using Conversation Exchange Dynamics for Identifying Network Attacks. In: Freire, M.M., Chemouil, P., Lorenz, P., Gravey, A. (eds) Universal Multiservice Networks. ECUMN 2004. Lecture Notes in Computer Science, vol 3262. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30197-4\_32

Download citation

• .RIS
• .ENW
• .BIB
• DOI: https://doi.org/10.1007/978-3-540-30197-4\_32
• Publisher Name: Springer, Berlin, Heidelberg
• Print ISBN: 978-3-540-23551-4
• Online ISBN: 978-3-540-30197-4
• eBook Packages: Springer Book Archive

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Publish with us