Article


Article Code : 1396102514371950285

Article Title : Modeling the Inter-arrival Time of Packets in Network Traffic and Anomaly Detection Using the Zipf’s Law

Journal Number : 22 Spring 2018


List of Authors

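| # | Full Name | Email | Grade | Degree | Corresponding Author |
|---|-----------|-------|-------|--------|----------------------|
| 1 | Ali Naghash-Asadi | aliasadi@comp.iust.ac.ir | Graduate | M.Sc | |
| 2 | Mohammad Abdollahi Azgomi | azgomi@iust.ac.ir | Associate Professor | PhD | |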

Abstract

In this paper, a new approach based on Zipf's law for modeling the features of network traffic is proposed. Zipf's law is an empirical law that describes the relationship between the frequency and the rank of each category in a data set. We use Zipf's law to model the features of network traffic, to simulate them, and to detect anomalies. For this purpose, one of the important features of network traffic, the inter-arrival time of TCP or UDP packets, is examined. The advantage of this law is that it can provide high similarity using less information. Furthermore, Zipf's law can model different features of network traffic that may not follow mathematical distributions. The simple approach of this law can provide accuracy with fewer limitations than existing methods. Zipf's law can also be used as a criterion for anomaly detection. For this purpose, TCP_Flood and UDP_Flood attacks are examined based on the inter-arrival time of packets. We show that an accurate model of features can be created by classifying the feature values and obtaining their ranks, and that this model can be used to simulate the features and detect anomalies. The results of evaluating the proposed method on the MAWI and NUST traffic collections are presented in this paper.
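
The rank-frequency idea in the abstract can be sketched as follows. This is an added example, not the authors' code: it classifies inter-arrival times into bins, ranks the classes by frequency, fits the Zipf exponent, and flags a window whose exponent drifts from a baseline. The bin width, the drift tolerance, the drift-based decision rule and all sample windows are assumptions constructed for illustration.

```python
import math
from collections import Counter

BIN_WIDTH = 0.001  # seconds per inter-arrival-time class (assumed, not from the paper)

def rank_frequency(iats, bin_width=BIN_WIDTH):
    """Classify inter-arrival times into fixed-width bins; return counts by rank."""
    counts = Counter(int(t / bin_width) for t in iats)
    return sorted(counts.values(), reverse=True)  # index 0 is rank 1

def zipf_exponent(freqs):
    """Least-squares fit of log f(r) = log C - s*log r; returns s."""
    if len(freqs) < 2:
        raise ValueError("need at least two classes to fit a slope")
    xs = [math.log(r) for r in range(1, len(freqs) + 1)]
    ys = [math.log(f) for f in freqs]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    return -sxy / sxx

def is_anomalous(window_iats, baseline_s, tol=0.15):
    """Assumed decision rule: flag a window whose exponent drifts from baseline."""
    freqs = rank_frequency(window_iats)
    if len(freqs) < 2:
        return True  # every packet in one class: no rank structure left to fit
    return abs(zipf_exponent(freqs) - baseline_s) > tol

def constructed_window(scale):
    """Constructed sample: class k (1..20) holds scale//k packets, IAT mid-bin."""
    return [k * BIN_WIDTH + BIN_WIDTH / 2
            for k in range(1, 21) for _ in range(scale // k)]

BASELINE = constructed_window(1000)
BENIGN = constructed_window(500)                     # same shape, less traffic
FLOOD = constructed_window(1000) + [0.00005] * 5000  # constructed burst of tiny gaps

if __name__ == "__main__":
    s0 = zipf_exponent(rank_frequency(BASELINE))
    for name, win in (("benign", BENIGN), ("flood", FLOOD)):
        s = zipf_exponent(rank_frequency(win))
        print(f"{name}: s={s:.2f} baseline={s0:.2f} anomalous={is_anomalous(win, s0)}")
```

The benign window keeps the baseline exponent even at half the traffic volume, while the flood window adds one dominant class of very short gaps and steepens the fitted slope.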