Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University.

Presentation transcript:

Network Anomaly Detection: Based on Statistical Approach and Time Series Analysis. Huang Kai, Qi Zhengwei, Liu Bo, Shanghai Jiao Tong University. Hello ladies and gentle

Outline: Problem description; Data flow statistical characteristic; Statistical Analysis; Time Series Analysis; Conclusion. 5/18/2009 FINA'09

Problem description: Why statistical approach? Network anomaly signature-based approach (DPI): privacy problem. Machine learning based approach: hard to be real time.

Problem description: Why our approach? Users' different definitions of network anomaly. Adaptability to the developing network.

Data flow statistical characteristic: Complicated statistical characteristics! Poisson process: Telnet connection, FTP control connection. Exponential process: Telnet packet. Self-similar process: WAN arrival process. Heavy-tail process: FTP data connection, FTP data transfer.

Statistical Analysis: Gaussian or not? No!!!!!!!!

Statistical Analysis: Gaussian mixture model; EM algorithm

Statistical Analysis: EM algorithm: E-step, M-step

Statistical Analysis

Statistical Analysis: Number of Gaussians in the model? Gaussian 25

Statistical Analysis: Time cost related to the number of Gaussians in the model. Not necessarily the more the better.
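An added sketch of the Gaussian mixture model fitted with EM that the Statistical Analysis slides describe (not code from the presentation): it fits a one-dimensional mixture to traffic-rate samples and flags rates whose log-likelihood falls below a threshold learned from the baseline. The constructed samples, the choice of two components and the 1st-percentile threshold are assumptions.

```python
import math
import random

def gauss_pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)

def fit_gmm(data, k, iters=100, var_floor=1e-6):
    """EM for a 1-D mixture of k Gaussians; returns (weights, means, variances)."""
    n, srt = len(data), sorted(data)
    mean = sum(data) / n
    weights = [1.0 / k] * k
    means = [srt[int((j + 0.5) * n / k)] for j in range(k)]  # spread over quantiles
    variances = [sum((x - mean) ** 2 for x in data) / n] * k
    for _ in range(iters):
        # E-step: responsibility of each component for each sample.
        resp = []
        for x in data:
            p = [w * gauss_pdf(x, m, v) for w, m, v in zip(weights, means, variances)]
            total = sum(p) or 1e-300
            resp.append([pj / total for pj in p])
        # M-step: re-estimate weight, mean and variance from the responsibilities.
        for j in range(k):
            nj = sum(r[j] for r in resp) or 1e-300
            weights[j] = nj / n
            means[j] = sum(r[j] * x for r, x in zip(resp, data)) / nj
            var = sum(r[j] * (x - means[j]) ** 2 for r, x in zip(resp, data)) / nj
            variances[j] = max(var, var_floor)
    return weights, means, variances

def log_likelihood(x, model):
    weights, means, variances = model
    p = sum(w * gauss_pdf(x, m, v) for w, m, v in zip(weights, means, variances))
    return math.log(p + 1e-300)

def build_baseline(seed=7):
    """Constructed packets-per-second samples: a quiet mode and a busy mode."""
    rng = random.Random(seed)
    data = [rng.gauss(200, 20) for _ in range(300)]
    data += [rng.gauss(900, 60) for _ in range(200)]
    model = fit_gmm(data, k=2)
    scores = sorted(log_likelihood(x, model) for x in data)
    threshold = scores[len(scores) // 100]  # 1st percentile of training scores
    return data, model, threshold

def is_anomalous(x, model, threshold):
    return log_likelihood(x, model) < threshold

if __name__ == "__main__":
    data, model, threshold = build_baseline()
    for rate in (205, 900, 550, 2500):
        print(rate, is_anomalous(rate, model, threshold))
```

A rate of 550 lies within one standard deviation of the overall sample mean, so a single Gaussian fit would accept it, while the mixture flags it because it falls between the two modes.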

Time Series Analysis: Upper bound, lower bound approach (for comparison); Cross indicator approach with K line and D line; Moving Average Convergence and Divergence

Time Series Analysis: Upper bound, lower bound approach (for comparison)

Time Series Analysis: Cross indicator approach with K line and D line

Time Series Analysis: Moving Average Convergence and Divergence
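An added illustration of the Moving Average Convergence and Divergence approach named on this slide, applied to a traffic-rate series (not code from the presentation). The 12/26/9 spans are the indicator's conventional defaults; the alert rule, which compares the histogram with three times its largest magnitude over a calibration window, and the constructed series are assumptions.

```python
import math

def ema(series, span):
    """Exponential moving average, alpha = 2 / (span + 1), seeded with the first value."""
    alpha = 2.0 / (span + 1)
    out = [series[0]]
    for x in series[1:]:
        out.append(out[-1] + alpha * (x - out[-1]))
    return out

def macd_histogram(series, fast=12, slow=26, signal=9):
    """MACD line (fast EMA minus slow EMA) minus its own signal-line EMA."""
    macd = [f - s for f, s in zip(ema(series, fast), ema(series, slow))]
    sig = ema(macd, signal)
    return [m - s for m, s in zip(macd, sig)]

def detect(series, calib, factor=3.0):
    """Return (alert indices after the calibration window, threshold used).

    Assumed rule: the first `calib` samples are known-normal traffic, and a
    sample is flagged when |histogram| exceeds factor * the calibration maximum.
    """
    hist = macd_histogram(series)
    threshold = factor * max(abs(h) for h in hist[:calib])
    alerts = [t for t in range(calib, len(series)) if abs(hist[t]) > threshold]
    return alerts, threshold

def constructed_traffic(surge=True):
    """Constructed packets-per-second series: periodic fluctuation plus an optional surge."""
    series = [1000 + 30 * math.sin(2 * math.pi * t / 20) for t in range(200)]
    if surge:
        for t in range(120, 130):  # ten-sample flood starting at t = 120
            series[t] += 800
    return series

if __name__ == "__main__":
    alerts, threshold = detect(constructed_traffic(), calib=100)
    print("threshold:", round(threshold, 2))
    print("first alert at t =", alerts[0], "alert count:", len(alerts))
    print("alerts without surge:", detect(constructed_traffic(False), calib=100)[0])
```

The regular fluctuation stays under the threshold, the onset of the surge is flagged at its first sample, and the drop back to baseline is flagged as well because the histogram swings negative.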

Time Series Analysis: Experiment result comparison

Conclusion: The Gaussian mixture model matches the distribution of network traffic. The Gaussian mixture model with 10 Gaussians is a good tradeoff between performance and time cost. The K line and D line approach has low time cost but is too sensitive to fluctuation. The Moving Average Convergence and Divergence approach has the best performance but costs more than the K line and D line approach.

Future Work: Analyze the relation between the result and different kinds of attack and anomaly: distinguish the anomaly type. An auto-adaptable approach with no need to configure the parameters of the model. A model applicable to the wireless network: to meet the hybrid, unstable and wireless network with the changing topology.

Thanks for Your Attention