Two-Tier GCT Based Approach for Attack Detection

Two-Tier GCT Based Approach for Attack Detection

下载PDF

导出

摘要 The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing new techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect the attacks and to take action to weaken those attacks appropriately before they have had time to propagate across the network. In this paper, we propose an SNMP MIB oriented approach for detecting attacks, which is based on two-tier GCT by analyzing causal relationship between attacking variable at the attacker and abnormal variable at the target. According to the abnormal behavior at the target, GCT is executed initially to determine preliminary attacking variable, which has whole causality with abnormal variable in network behavior. Depending on behavior feature extracted from abnormal behavior, we can recognize attacking variable by using GCT again, which has local causality with abnormal variable in local behavior. Proactive detecting rules can be constructed with the causality between attacking variable and abnormal variable, which can be used to give alarms in network management system. The results of experiment showed that the approach with two-tier GCT was proved to detect attacks early, with which attack propagation could be slowed through early detection. The frequent attacks on network infrastructure, using various forms of denial of service attacks, have led to an increased need for developing new techniques for analyzing network traffic. If efficient analysis tools were available, it could become possible to detect the attacks and to take action to weaken those attacks appropriately before they have had time to propagate across the network. In this paper, we propose an SNMP MIB oriented approach for detecting attacks, which is based on two-tier GCT by analyzing causal relationship between attacking variable at the attacker and abnormal variable at the target. According to the abnormal behavior at the target, GCT is executed initially to determine preliminary attacking variable, which has whole causality with abnormal variable in network behavior. Depending on behavior feature extracted from abnormal behavior, we can recognize attacking variable by using GCT again, which has local causality with abnormal variable in local behavior. Proactive detecting rules can be constructed with the causality between attacking variable and abnormal variable, which can be used to give alarms in network management system. The results of experiment showed that the approach with two-tier GCT was proved to detect attacks early, with which attack propagation could be slowed through early detection.

作者 Zhiwen Wang Qin Xia Ke Lu

机构地区 Xi’an Jiaotong University

出处《Journal of Software Engineering and Applications》 2008年第1期60-67,共8页 软件工程与应用（英文）

关键词 Network BEHAVIOR ATTACK Detection GRANGER CAUSALITY Test Management Information BASE Network Behavior Attack Detection Granger Causality Test Management Information Base

分类号 R73 [医药卫生—肿瘤]

引文网络
相关文献

参考文献2

1邹柏贤,姚志强.一种网络流量平稳化方法[J].通信学报,2004,25(8):14-23. 被引量：18
2汪生,孙乐昌,干国政.Granger因果关系检验在攻击检测中的应用研究[J].计算机应用,2005,25(6):1282-1285. 被引量：7

二级参考文献20

1ADAS A. Traffic models in broadband networks[J]. IEEE Communications Magazine, 1997, 35(7): 82-89.
2MAGLARIS B, et al. Performance models of statistical multiplexing in packet video communications[J]. IEEE Trans Commun,1998,36(7): 834-844.
3GRUNENFELDER R, et al. Characterization of video codecs as autoregressive moving average processes and ralated queuing system performance[J]. IEEE JSAC, 1991,9(4): 283-293.
4FROST V, MEL AMED B. Traffic modeling for telecommunications networks[J]. IEEE Communication Magazine, 1994, 32(3):70-81.
5BASU S, MUKHERJEE A, KLIVANSKY S. Time series models for Internet traffic[A]. Proceedings of INFORCOM[C].1996.611-620.
6SANG A, LIS. A predictability analysis of network traffic[A]. Proceedings of IEEEINFOCOM 2000[C]. 2000. 342-351.
7NORROS I. On the use of fractional brownian motion in the theory of connectionless traffic[J]. IEEE Journal of Selected Areas in Communications, 1995, 13(6): 953-962.
8WILFRID J, FRANK J. Introduction to statistical analysis, third edition[M]. New York: McGraw-Hill Book Company, 1983.
9GEORGEE GWILYMM GREGORYC 顾岚范金诚译.时间序列分析--预测与控制[M].北京:中国统计出版社,1997..
10SHIM C, RYOO I, LEE J, et al. Modeling and call admission control algorithm of variable bit rate video in ATM networks[J]. IEEE Journal on Selected Areas in Communications, 1994, 12(2): 332-344.

共引文献21

1吴丽云,董锁成,杨国安.我国旅游业与经济增长的关系分析[J].江西农业学报,2010,22(10):159-162. 被引量：2
2何建.基于时间序列的网络流量分析与预测[J].中国科技信息,2005(22A):8-8. 被引量：2
3蒋海,刘淑芬,姚志林,庞世春,张新佳,兰庆国.一个网络流量监测与预测系统的设计与实现[J].吉林大学学报（理学版）,2006,44(1):61-66. 被引量：6
4韦红军,何迪,石伟锋,吴永明.基于ARMA模型的CFAR网络入侵检测方法研究[J].信息技术,2007,31(5):14-16.
5白翔宇,叶新铭,蒋海.基于小波变换与自回归模型的网络流量预测[J].计算机科学,2007,34(7):47-49. 被引量：22
6王志文,夏秦,李平均.一种面向网络行为因果关联的攻击检测方法[J].西安交通大学学报,2008,42(6):707-707.
7胡碧峰,韦红军.基于网络流量预测模型的CFAR入侵检测方法研究[J].信息安全与通信保密,2008,30(8):112-115. 被引量：2
8王志文,夏秦,李平均.一种面向网络行为因果关联的攻击检测方法[J].西安交通大学学报,2008,42(8):931-935. 被引量：1
9杨国安,石俊.全球5.0级以上地震活动与地球自转变化的Granger因果关系检验[J].地学前缘,2009,16(2):378-383. 被引量：2
10郭小雪,梁根,秦勇,魏文红.多逻辑链路最大可用带宽比流量调度算法[J].计算机工程,2009,35(20):103-105.

1Fu Zhoua,Deqiang Yao,Bing Rao,Li Zhang,Wang Nie,Yan Zou,Jie Zhao,Yu Cao.Crystal structure of a bacterial homolog to human lysosomal transporter,spinster[J].Science Bulletin,2019,64(18):1310-1317. 被引量：4
2LI Pengwei,FU Jianming,XU Chao,CHENG Binlin,ZHANG Huanguo.Differentiating Malicious and Benign Android App Operations Using Second-Step Behavior Features[J].Chinese Journal of Electronics,2019,28(5):944-952. 被引量：1
3Boris Menin.Bekenstein-Bound and Information-Based Approach[J].Journal of Applied Mathematics and Physics,2018,6(8):1675-1685.
4Alecsandra-Anca Tudor,Joelle Tschui,Jürg Schmidli,Ralph A.Schmid,Patrick Dorn.Cardiac Paraganglioma—A Rare Subset of a Rare Tumor[J].World Journal of Cardiovascular Diseases,2017,7(1):1-9.
5Seth Christopher Yaw Appiah,Francis Adjei Osei,Nicholas Karikari Mensah,Patrick Lebene Adonoo,Abdul Ganiu Tanko,Phans Oduro Sarpong.Males as Partners in Family Planning Service Uptake in Ghana: A Descriptive Cross-Sectional Survey[J].Health,2019,11(8):1043-1054.
6陈晓刚,罗文艳,林辉.Low-carbon Landscape Construction Approaches Based on Human Behavior[J].Journal of Landscape Research,2012,4(1):3-5.
7Haifeng Niu,Avimanyu Sahoo,Chandreyee Bhowmick,S·Jagannathan.An Optimal Hybrid Learning Approach for Attack Detection in Linear Networked Control Systems[J].IEEE/CAA Journal of Automatica Sinica,2019,6(6):1404-1416. 被引量：2
8Khoa Lê.LONG-TIME ASYMPTOTIC OF STABLE DAWSON-WATANABE PROCESSES IN SUPERCRITICAL REGIMES[J].Acta Mathematica Scientia,2019,39(1):37-45.
9Isabelle Titeux.Asymptotic Expansion of Temperature Close to a Singularity of a Plate[J].World Journal of Mechanics,2011,1(3):109-114.
10Pablo José Iuliano,Luís Marrone.Shannon Entropy in Distributed Scientific Calculations on Mobiles Ad-Hoc Networks (MANETs)[J].Communications and Network,2013,5(3):414-420.

Journal of Software Engineering and Applications

2008年第1期

浏览历史

内容加载中请稍等...

Two-Tier GCT Based Approach for Attack Detection

参考文献2

二级参考文献20

共引文献21

相关作者

相关机构

相关主题

浏览历史