    espace - Curtin’s institutional repository

    An Investigation of Power Law Probability Distributions for Network Anomaly Detection

    Access Status
    Fulltext not available
    Authors
    Prandl, S.
    Lazarescu, M.
    Pham, DucSon
    Soh, Sie Teng
    Kak, S.
    Date
    2017
    Type
    Conference Paper
    
    Citation
    Prandl, S. and Lazarescu, M. and Pham, D. and Soh, S.T. and Kak, S. 2017. An Investigation of Power Law Probability Distributions for Network Anomaly Detection, IEEE Security and Privacy Workshop on Traffic Measurements for Cybersecurity, pp. 217-222: IEEE.
    Source Title
    http://ieeexplore.ieee.org/document/8227310/
    Source Conference
    IEEE Security and Privacy Workshop on Traffic Measurements for Cybersecurity
    DOI
    10.1109/SPW.2017.20
    Additional URLs
    http://ieeexplore.ieee.org/
    ISBN
    9781538619674
    School
    School of Electrical Engineering, Computing and Mathematical Science (EECMS)
    URI
    http://hdl.handle.net/20.500.11937/65570
    Collection
    • Curtin Research Publications
    Abstract

    It has been previously determined that SYN packet inter-arrival times are conformant with Benford’s law, which predicts the frequency of the leading digits in naturally occurring collections of numbers, and suggested that conformity or non-conformity to Benford’s law could be used to detect network anomalies. This paper expands upon that suggestion by making three contributions. First, we verify that conformity to Benford’s law of inter-arrival times is also true for certain types of both TCP and UDP packets. Second, we discover that packet length could also be another alternative to inter-arrival times, with the advantage that it follows both Benford’s and Zipf’s laws, implying its reliability in detecting network traffic anomalies. Finally, we explore the potential application of power laws in the specific detection of denial-of-service (DoS) attacks using both inter-arrival times and packet length. Extensive experiments on the MAWI benchmark dataset and two additional datasets support our claims and demonstrate that whilst Benfordian analysis of inter-arrival times can identify DoS attacks, the combination of Benfordian and Zipfian analysis of packet length gives more reliable detection.
