Abstract
A network traffic anomaly detection method based on adaptive filter is proposed to detect all kinds of network traffic attacks. Multiple network traffic indicators are predicted by recursive least square and the allowable statistical range based on the prediction errors are used to detect anomaly. Detection results are finally normalized. The method has the following traits: no training from any historical data, reducing the number of alarms, remarkably, and highlighting the severity of alarms. Testing results on DARPA intrusion detection data sets show that the proposed method is more suitable to detect denial of service attacks, and has a higher detection rate, faster speed and lower alarm rate than similar existing methods with same dimension of weight vectors.
| Original language | English |
|---|---|
| Pages (from-to) | 1-5 |
| Number of pages | 5 |
| Journal | Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University |
| Volume | 43 |
| Issue number | 12 |
| State | Published - Dec 2009 |
Keywords
- Anomaly detection
- Denial of service attack
- Network traffic
- Recursive least square
Fingerprint
Dive into the research topics of 'On-line anomaly detection method for network traffic based on adaptive filtering'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver