Multi-Fractal Traffic and Anomaly Detection in Computer Communications
Title: Multi-Fractal Traffic and Anomaly Detection in Computer Communications
Author: Ming Li
Publisher: CRC Press
Year: 2023
Pages: 297
Language: English
Format: pdf (true)
Size: 31.7 MB
This book provides a comprehensive theory of mono- and multi-fractal traffic, including the basics of long-range dependent time series and 1/f noise, ergodicity and predictability of traffic, traffic modeling and simulation, stationarity tests of traffic, traffic measurement and the anomaly detection of traffic in communications networks. In this monograph, we address the theory of multi-fractal traffic and its applications to anomaly detection of traffic under distributed denial-of-service (DDoS) attacks in computer communications.
By proving that mono-fractal LRD time series are ergodic, the book shows that LRD traffic is stationary. The author shows that the stationarity of multi-fractal traffic depends on observation time scales, and proposes multi-fractional generalized Cauchy processes and modified multi-fractional Gaussian noise. The book also establishes a set of guidelines for determining the record length of traffic in measurement. Moreover, it presents an approach to traffic simulation, as well as the anomaly detection of traffic under distributed denial-of-service attacks.
In intrusion detection, reliable detection remains a challenging issue. Hence, reliable detection of distributed denial-of-service (DDoS) attacks is worth studying. By reliable detection we mean that signs of attacks can be identified with pre-determined detection probability and false alarm probability. This chapter focuses on reliable detection of DDoS flood attacks by identifying patterns of traffic with long-range dependence (LRD).
In this respect, there are three fundamental issues in theory and practice:
• What is a statistical feature of traffic to be used for pattern recognition?
• How to represent distributions of identification probability, false alarm probability, and miss probability?
• How to assure decision-making that has high identification probability, low false alarm probability, and low miss probability?
Chapter 12 gives a statistical detection scheme based on identifying abnormal variations of LRD traffic time series. The representations of the three probability distributions mentioned above are given and a decision-making region is explained. With this region, one can know what the identification (or false alarm or miss) probability is for capturing signs of DDoS flood attacks. The significance of a decision-making region is that it provides a guideline for setting an appropriate threshold value so as to assure a pre-determined high identification probability, a pre-desired low false alarm probability and a pre-determined low miss probability. A case study is demonstrated.
The monograph consists of 4 Parts with 14 chapters plus an Appendix.
Scholars and graduates studying network traffic in computer science will find the book beneficial.