Anomaly detection using network traffic characterization
tarafından
 
Yarımtepe, Oğuz.

Başlık
Anomaly detection using network traffic characterization

Yazar
Yarımtepe, Oğuz.

Yazar Ek Girişi
Yarımtepe, Oğuz.

Yayın Bilgileri
[s.l.]: [s.n.], 2009.

Fiziksel Tanımlama
ix, 80 leaves.: ill. + 1 computer laser optical disc.

Özet
Detecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.

Konu Başlığı
Computer security.
 
Anomaly detection(Computer security)

Yazar Ek Girişi
Tuğlular, Tuğkan.

Tüzel Kişi Ek Girişi
İzmir Institute Of Technology. Computer Engineering.

Tek Biçim Eser Adı
Thesis (Master)--İzmir Institute Of Technology:Computer Engineering.
 
İzmir Institute of Technology:Computer Engineering--Thesis (Master).

Elektronik Erişim
Access to Electronic Version.


LibraryMateryal TürüDemirbaş NumarasıYer NumarasıDurumu/İade Tarihi
IYTE LibraryTezT000819QA76.9.A25 Y28 2009Tez Koleksiyonu