Network Attack Traffic Detection using Seed-based Sequential Grouping Model
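- Subject (keywords) network traffic classification, network traffic identification, network traffic detection
- Publisher Korea University Graduate School
- Advisor 김명섭
- Year of publication 2018
- Degree conferral date 2018. 2
- Degree Master's
- Department Graduate School, Department of Computer and Information Science
- Major Computer Science
- Pages 75 p
- URI http://www.dcollection.net/handler/korea/000000079431
- Language of text English
- Submitted original 000045932937
Abstract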
Along with the development of high-speed Internet and smart devices, various attack methods have emerged, and attack traffic has also changed into various and complex forms. To provide reliable services and manage network resources efficiently, it is essential to detect and analyze attack traffic. While various methods for detecting or classifying application and attack traffic have been proposed, signature-based methods are still the mainstream, and there are still limitations in detection accuracy and coverage when adopting them in real network environments. In this paper, we propose the seed-based sequential grouping model for attack traffic detection. The sequential grouping model can detect traffic more effectively and quickly than signature-based methods, and it can be applied efficiently to new traffic by learning the detection model's guideline. The model consists of two main indexes: similarity and connectivity. In addition, we determine the set of optimal thresholds for each index using our balancing algorithm and define this set as the Guideline. By applying the proposed model to actual attack traffic, we demonstrate that the model has high detection accuracy and completeness. We also show the quality of our method compared to existing methods.
Contents
ABSTRACT 1
1 Introduction 8
2 Related Work 12
2.1 Network flow based traffic detection 12
2.2 Existing traffic detection methods 14
3 Seed-based Sequential Grouping Model 20
3.1 Similarity index (SI) 21
3.2 Connectivity Index (CI) 23
3.3 Detection Guideline (GL) 26
3.4 Threshold-Balancing Method (TB) 27
3.5 Threshold-Optimization Method (TO) 31
3.6 Multiple Seed-based SGM 35
4 Evaluation 37
4.1 Generate Seed-Information 38
4.2 Generate Guideline 39
4.3 System Description 40
4.3.1 Seed Generation (Seed_Extractor) 40
4.3.2 Guideline Generation (GuideLine_Extractor) 41
4.3.3 Guideline Generation (GuideLine_Optimizer) 42
4.3.4 Sequential Grouping 43
4.4 Experiment Traffic Description 44
4.5 Result Evaluation Metrics 50
4.6 Experiment Result 52
5 Conclusions and Future Works 62
REFERENCE 63
ACKNOWLEDGEMENTS 71

