Presentation is loading. Please wait.

Presentation is loading. Please wait.

Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University.

Published byHadi Kartawijaya Modified over 5 years ago

Similar presentations

Presentation on theme: "Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University."— Presentation transcript:

1 Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University.
Network Anomaly Detection: Based on Statistical Approach and Time Series Analysis Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University. Hello ladies and gentle

2 Outline Problem description Data flow statistical characteristic
Statistical Analysis Time Series Analysis Conclusion 5/18/2009 FINA'09

3 Problem description Why statistical approach?
Network anomaly signature based approach.(DPI) Privacy problem. Machining learning based approach. Hard to be real time. 5/18/2009 FINA'09

4 Problem description Why our approach?
Users’ different definition of network anomaly. Adaptability to the developing network. 5/18/2009 FINA'09

5 Data flow statistical characteristic
Complicated statistical characteristics! Poisson process Telnet connection Ftp control connection Exponential process Telnet package Self-similar process WAN arrival process Heavy-tail process Ftp data connection Ftp data transfer 5/18/2009 FINA'09

6 Statistical Analysis Gaussian or not? No!!!!!!!! 5/18/2009 FINA'09

7 Statistical Analysis Gaussian mixture model EM Algorism 5/18/2009
FINA'09

8 Statistical Analysis EM Algorism E-step M-step 5/18/2009 FINA'09

9 Statistical Analysis 5/18/2009 FINA'09

10 Statistical Analysis Amount of Gaussian in the model? Gaussian 25
5/18/2009 FINA'09

11 Statistical Analysis Tome cost related with the amount of Gaussian in the model Not necessarily the more the better 5/18/2009 FINA'09

12 Time Series Analysis Up Bound Low Bound Approach(for comparison)
Cross indicator approach with k line and d line Moving Average Convergence and Divergence 5/18/2009 FINA'09

13 Time Series Analysis Up Bound Low Bound Approach(for compare)
5/18/2009 FINA'09

14 Time Series Analysis Cross indicator approach with k line and d line
5/18/2009 FINA'09

15 Time Series Analysis Moving Average Convergence and Divergence
5/18/2009 FINA'09

16 Time Series Analysis Experiment result comparison 5/18/2009 FINA'09

17 Conclusion Gaussian mixture model match the distribution of network traffic The Gaussian mixture model with Gaussian amount 10 is a good tradeoff between the performance and time cost K line and D line approach with low time cost but too sensitive to the fluctuation Moving Average Convergence and Diverge approach has the best performance but cost more than the K line and D line approach 5/18/2009 FINA'09

18 Future Work An model applicable for the wireless network
Analysis the relation between the result and different kinds of attack and anomaly Distinguish the anomaly type An auto-adaptable approach with no need to configure the parameter of the model An model applicable for the wireless network To meet the hybrid, unstable and wireless network with the changing topology 5/18/2009 FINA'09

19 Thanks for Your Attention 5/18/2009 FINA'09

Download ppt "Huang Kai Qi Zhengwei Liu Bo Shanghai Jiao Tong University."

Similar presentations

Applications of one-class classification

Applications of one-class classification
Connection-level Analysis and Modeling of Network Traffic understanding the cause of bursts control and improve performance detect changes of network state.

Connection-level Analysis and Modeling of Network Traffic understanding the cause of bursts control and improve performance detect changes of network state.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 Self-Similarity in WAN Traffic A subsequent paper established the presence of network.

Copyright © 2005 Department of Computer Science CPSC 641 Winter Self-Similarity in WAN Traffic A subsequent paper established the presence of network.
Traffic and routing. Network Queueing Model Packets are buffered in egress queues waiting for serialization on line Link capacity is C bps Average packet.

Traffic and routing. Network Queueing Model Packets are buffered in egress queues waiting for serialization on line Link capacity is C bps Average packet.
Speaker: Yu-Fu Huang Advisor: Dr. Kai-Wei Ke Date : 2014, Mar. 17 A page-oriented WWW traffic model for wireless system simulations.

Speaker: Yu-Fu Huang Advisor: Dr. Kai-Wei Ke Date : 2014, Mar. 17 A page-oriented WWW traffic model for wireless system simulations.
CSIT560 Internet Infrastructure: Switches and Routers Active Queue Management Presented By: Gary Po, Henry Hui and Kenny Chong.

CSIT560 Internet Infrastructure: Switches and Routers Active Queue Management Presented By: Gary Po, Henry Hui and Kenny Chong.
Secrecy Capacity Scaling of Large-Scale Cognitive Networks Yitao Chen 1, Jinbei Zhang 1, Xinbing Wang 1, Xiaohua Tian 1, Weijie Wu 1, Fan Fu 2, Chee Wei.

Secrecy Capacity Scaling of Large-Scale Cognitive Networks Yitao Chen 1, Jinbei Zhang 1, Xinbing Wang 1, Xiaohua Tian 1, Weijie Wu 1, Fan Fu 2, Chee Wei.
What’s Your Guess? Chapter 9: Review of Convergent or Divergent Series.

What’s Your Guess? Chapter 9: Review of Convergent or Divergent Series.
Anomaly Detection in the WIPER System using A Markov Modulated Poisson Distribution Ping Yan Tim Schoenharl Alec Pawling Greg Madey.

Anomaly Detection in the WIPER System using A Markov Modulated Poisson Distribution Ping Yan Tim Schoenharl Alec Pawling Greg Madey.
1 Self-Similar Wide Area Network Traffic Carey Williamson University of Calgary.

1 Self-Similar Wide Area Network Traffic Carey Williamson University of Calgary.
Networks and Distributed Systems: Project Ideas

Networks and Distributed Systems: Project Ideas
 Don Towsley 2000 Network Tomography for the Internet: Open Problems D. Towsley U. Massachusetts.

 Don Towsley 2000 Network Tomography for the Internet: Open Problems D. Towsley U. Massachusetts.
Financial Networks with Static and dynamic thresholds Tian Qiu Nanchang Hangkong University.

Financial Networks with Static and dynamic thresholds Tian Qiu Nanchang Hangkong University.
Most slides from Expectation Maximization (EM) Northwestern University EECS 395/495 Special Topics in Machine Learning.

Most slides from Expectation Maximization (EM) Northwestern University EECS 395/495 Special Topics in Machine Learning.
無線區域網路中自我相似交通流量之 成因與效能評估 The origin and performance impact of self- similar traffic for wireless local area networks 報 告 者:林 文 祺 指導教授:柯 開 維 博士.

無線區域網路中自我相似交通流量之 成因與效能評估 The origin and performance impact of self- similar traffic for wireless local area networks 報 告 者:林 文 祺 指導教授:柯 開 維 博士.
A Nonstationary Poisson View of Internet Traffic T. Karagiannis, M. Molle, M. Faloutsos University of California, Riverside A. Broido University of California,

A Nonstationary Poisson View of Internet Traffic T. Karagiannis, M. Molle, M. Faloutsos University of California, Riverside A. Broido University of California,
Self-Similarity in Network Traffic Kevin Henkener 5/29/2002.

Self-Similarity in Network Traffic Kevin Henkener 5/29/2002.
Influence of File Size Distribution on Legacy LAN QoS Parameters Nikolaus Färber Nov. 15, 2000.

Influence of File Size Distribution on Legacy LAN QoS Parameters Nikolaus Färber Nov. 15, 2000.
Clustering with Bregman Divergences Arindam Banerjee, Srujana Merugu, Inderjit S. Dhillon, Joydeep Ghosh Presented by Rohit Gupta CSci 8980: Machine Learning.

Clustering with Bregman Divergences Arindam Banerjee, Srujana Merugu, Inderjit S. Dhillon, Joydeep Ghosh Presented by Rohit Gupta CSci 8980: Machine Learning.
Enhancing TCP Fairness in Ad Hoc Wireless Networks Using Neighborhood RED Kaixin Xu, Mario Gerla University of California, Los Angeles {xkx,

Enhancing TCP Fairness in Ad Hoc Wireless Networks Using Neighborhood RED Kaixin Xu, Mario Gerla University of California, Los Angeles {xkx,

Similar presentations

Ads by Google