Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6885131 | Journal of Network and Computer Applications | 2014 | 21 Pages |
Abstract
In this paper, we analyze Internet traffic from a different point of view based on Benford's law, an empirical law that describes the distribution of leading digits in collections of numbers arising from naturally occurring phenomena. We claim that Benford's law holds for the inter-arrival times of TCP flows in the case of normal traffic. Consequently, any type of anomaly affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by investigating the first-digit distributions of the inter-arrival times of TCP SYN packets. In this paper we apply our findings to the detection of intentional attacks, and leave other types of anomalies for future work. We support our claim with related research indicating that TCP flow inter-arrival times can be modeled by a Weibull distribution with a shape parameter less than 1, and show the relation between Weibull-distributed data and Benford's law. Finally, we validate our findings on real traffic and achieve encouraging results.
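A sketch of the first-digit test the abstract describes, added here as an example and not taken from the paper: it compares the leading digits of TCP SYN inter-arrival times with Benford's law using a chi-square statistic. The choice of statistic, the threshold, the Weibull scale and the fixed-rate burst are assumptions, and both timestamp windows are constructed sample data.

```python
import math
import random
from collections import Counter
from itertools import accumulate

# Benford's law: P(d) = log10(1 + 1/d) for leading digit d = 1..9.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Assumed alert threshold: chi-square critical value, 8 d.o.f., p = 0.001.
CHI2_CRIT = 26.12


def leading_digit(x):
    """First significant digit of a positive number."""
    return int(f"{x:.15e}"[0])


def benford_chi2(syn_times):
    """Chi-square distance of SYN inter-arrival first digits from Benford."""
    times = sorted(syn_times)
    # Zero gaps (identical timestamps) have no leading digit, so skip them.
    gaps = [b - a for a, b in zip(times, times[1:]) if b > a]
    if not gaps:
        raise ValueError("need at least two distinct SYN timestamps")
    counts = Counter(leading_digit(g) for g in gaps)
    n = len(gaps)
    return sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())


def is_anomalous(syn_times):
    """Flag a window whose first-digit distribution departs from Benford."""
    return benford_chi2(syn_times) > CHI2_CRIT


def sample_windows(n=2000, seed=1):
    """Constructed data: Weibull (shape 0.5) gaps vs. a fixed-rate SYN burst."""
    rng = random.Random(seed)
    # weibullvariate(scale, shape); shape < 1 as in the abstract.
    normal = list(accumulate(rng.weibullvariate(0.05, 0.5) for _ in range(n)))
    # Near-constant 2 ms spacing: leading digits collapse onto 1 and 2.
    flood = list(accumulate(0.002 + rng.uniform(-0.0002, 0.0002)
                            for _ in range(n)))
    return normal, flood


if __name__ == "__main__":
    for name, window in zip(("normal", "flood"), sample_windows()):
        print(name, round(benford_chi2(window), 1), is_anomalous(window))
```

In practice the window length and threshold would be tuned on baseline captures from the monitored link, since short windows give noisy digit counts.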
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Laleh Arshadi, Amir Hossein Jahangir