Abstract:

This paper targets changes in the ingress and egress traffic of core router ports, using a modified CUSUM (cumulative sum) algorithm to track the traffic's statistical characteristics in real time and detect abnormal network flows. Because a router has many ports, the paper proposes a matrix-based, multi-statistic modified CUSUM algorithm (M-CUSUM). M-CUSUM provides an adjustable parameter configuration mechanism to improve detection accuracy. It monitors changes in the mean value in real time by computing the ratio of the absolute difference to the sum of ingress and egress port traffic. Simulation experiments indicate that the algorithm detects DoS/DDoS attacks with higher speed and accuracy while consuming fewer system resources. The algorithm has been used successfully in software routers.
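The following is an added example, not the paper's M-CUSUM: a textbook one-sided CUSUM run independently per port over the difference-to-sum ratio the abstract describes, read here as |in - out| / (in + out). The drift, threshold, smoothing weight, warm-up length and the traffic counts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

def asymmetry(ingress: float, egress: float) -> float:
    """Assumed reading of the abstract's statistic: |in - out| / (in + out)."""
    total = ingress + egress
    return abs(ingress - egress) / total if total > 0 else 0.0

@dataclass
class PortCusum:
    drift: float = 0.05      # assumed slack k: deviation tolerated per interval
    threshold: float = 1.0   # assumed alarm level h
    alpha: float = 0.1       # assumed EWMA weight for the baseline mean
    warmup: int = 5          # intervals used only to learn the baseline
    mean: float = 0.0
    score: float = 0.0
    seen: int = 0

    def update(self, ingress: float, egress: float) -> bool:
        x = asymmetry(ingress, egress)
        self.seen += 1
        if self.seen <= self.warmup:
            self.mean += (x - self.mean) / self.seen   # running average
            return False
        # One-sided CUSUM: accumulate only upward shifts of the mean.
        self.score = max(0.0, self.score + x - self.mean - self.drift)
        if self.score == 0.0:
            # Adapt the baseline only while no change is accumulating, so a
            # sustained flood cannot teach the detector that it is normal.
            self.mean += self.alpha * (x - self.mean)
        return self.score > self.threshold

def first_alarms(samples, **params):
    """samples[t][p] = (ingress, egress) counters for port p in interval t.
    Returns {port index: interval index of the first alarm}."""
    detectors = [PortCusum(**params) for _ in samples[0]]
    alarms = {}
    for t, row in enumerate(samples):
        for p, (ingress, egress) in enumerate(row):
            if detectors[p].update(ingress, egress) and p not in alarms:
                alarms[p] = t
    return alarms

# Constructed sample: two ports, packets per interval. Port 1's ingress jumps
# at interval 10 while its egress stays flat, as in a one-way flood.
NORMAL = [(1000, 950), (1020, 1000)]
FLOOD = [(1000, 950), (9000, 1000)]
SAMPLES = [NORMAL] * 10 + [FLOOD] * 10

if __name__ == "__main__":
    print(first_alarms(SAMPLES))
```

Raising `threshold` trades detection delay for fewer false alarms; with these constructed counters the alarm moves one interval later when the threshold is doubled.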

Get Citation

Sun Zhixin, Tang Yiwei, Cheng Yuan. Router anomaly traffic detection based on modified CUSUM algorithms. Journal of Software, 2005, 16(12):2117-2123

History
  • Received: August 24, 2004
  • Revised: January 07, 2005