Non Gaussian and long memory statistical characterisations for Internet traffic with anomalies

Abstract : The Internet aims at providing a wide range of services for a large variety of applications. Hence, it is highly sensitive to traffic anomalies (e.g., failures, flash crowds,...) as well as to DoS attacks, which are likely to significantly reduce the Quality of Service level. Current intrusion detection systems, specially those based on anomaly detection, are not providing efficient nor satisfactory solutions for DoS attack tracking. This is mainly due to difficulties in distinguishing between strong but legitimate traffic variations and DoS attack induced changes. The goal of this work is to compare relevant statistical characteristics of regular traffic to those of traffic presenting anomalies. To do so, we introduce a non Gaussian long memory model and develop estimators for the corresponding parameters. First, we show that this model relevantly describes Internet traffic for a wide range of aggregation levels, using both a large set of data taken from public reference repositories (Bellcore, LBL, Auckland, UNC, CAIDA) and data collected by ourselves. Second, we show that the proposed model also describes meaningfully traffic with anomalies such as flash crowd and DoS attacks which we generated and collected. We show that the behaviors of the parameters of the model enables us to discriminate between regular and anomalous traffic, and between flash crowds and DoS attacks. We also derive analytically procedures to numerically synthesize realizations of stochastic processes with prescribed non Gaussian marginals and long range dependent covariances. This enables us to validate the relevance and accuracy of our characterization procedures. Finally, we describe various applications based on the proposed model.
Document type :
Reports
Complete list of metadatas

Cited literature [52 references]  Display  Hide  Download

https://hal-lara.archives-ouvertes.fr/hal-02102189
Contributor : Colette Orange <>
Submitted on : Wednesday, April 17, 2019 - 10:06:20 AM
Last modification on : Tuesday, November 5, 2019 - 3:58:13 PM

File

RR2005-35.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02102189, version 1

Collections

Citation

Antoine Scherrer, Nicolas Larrieu, Philippe Owezarski, Pierre Borgnat, Patrice Abry. Non Gaussian and long memory statistical characterisations for Internet traffic with anomalies. [Research Report] LIP RR-2005-35, Laboratoire de l'informatique du parallélisme. 2005, 2+21p. ⟨hal-02102189⟩

Share

Metrics

Record views

12

Files downloads

29