Abstract

Traffic anomalies are characterized by unusual and significant changes in network traffic behaviour. They can be malicious or unintentional. Malicious traffic anomalies can be caused by attacks, abusive network usage, and worm or virus propagation; unintentional ones can be caused by failures, flash crowds or router misconfigurations. In this paper, we present an anomaly detection system derived from the anomaly detection scheme presented by Mei-Ling Shyu in [12] and based on periodic SNMP data collection. We have evaluated this system against some common attacks and found that some (Smurf, SYN flood) are better detected than others (Scan). We then used this system to detect traffic anomalies in the Tunisian National University Network (TNUN). For this, we collected network traffic traces from the Management Information Base (MIB) of the central firewall of the TNUN network. We then calculated the distribution of inter-anomaly times and the distribution of anomaly durations. We showed that anomalies were prevalent in the TNUN network and that most anomalies lasted less than five minutes.
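The abstract describes three steps: periodic SNMP polling, per-poll anomaly decisions, and the grouping of those decisions into anomaly episodes whose durations and inter-anomaly times are then tabulated. The example below is added here and is not the paper's code: it uses a robust (median/MAD) z-score on per-poll counter increments as a stand-in for the PCA-based classifier of Shyu et al. [12], which the abstract does not detail, and it handles the Counter32 wrap that SNMP counters such as ifInOctets exhibit. The five-minute poll interval, the z-score threshold of 3.5, the definition of inter-anomaly time as the quiet gap between episodes, and all counter values are assumptions or constructed data.

```python
"""Per-poll anomaly flags from SNMP counter samples, grouped into episodes.

Added example, not code from the paper. A median/MAD z-score detector stands in
for the PCA-based scheme of Shyu et al. [12]; counter samples, poll interval,
threshold and the inter-anomaly-time definition are constructed or assumed.
"""
from itertools import accumulate
from statistics import median

POLL_INTERVAL_S = 300   # assumption: one SNMP poll every five minutes
COUNTER_BITS = 32       # Counter32 objects (e.g. ifInOctets) wrap at 2^32
Z_THRESHOLD = 3.5       # assumption: conventional cut-off for MAD-based z-scores

# Constructed per-poll packet counts: steady ~1000 per poll, a one-poll burst at
# poll 5 and a two-poll burst at polls 11-12 (flood-like), nothing else.
PER_POLL = [1010, 985, 1005, 995, 1000, 9000, 1002, 998, 1004, 990,
            1001, 7000, 8000, 999, 1003, 1012, 1000, 997, 1001, 995]

# What the agent actually reports: a cumulative counter, placed just below 2^32
# so that it wraps during the first burst and the delta logic must cope with it.
START = 2 ** COUNTER_BITS - 5000
COUNTER_SAMPLES = [START] + [(START + c) % 2 ** COUNTER_BITS
                             for c in accumulate(PER_POLL)]


def counter_deltas(samples, bits=COUNTER_BITS):
    """Per-interval increments from cumulative counter samples, modulo the wrap."""
    modulus = 2 ** bits
    return [(b - a) % modulus for a, b in zip(samples, samples[1:])]


def robust_zscores(values):
    """|x - median| / (1.4826 * MAD); 1.4826 makes MAD comparable to sigma for normal data."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scale = 1.4826 * mad if mad else 1.0   # avoid division by zero on a flat series
    return [abs(v - med) / scale for v in values]


def anomaly_flags(values, threshold=Z_THRESHOLD):
    """One boolean per poll: True when the increment is anomalous."""
    return [z > threshold for z in robust_zscores(values)]


def episodes(flags):
    """Merge runs of consecutive anomalous polls into (first_idx, last_idx) episodes."""
    out, start = [], None
    for i, flagged in enumerate(flags):
        if flagged and start is None:
            start = i
        elif not flagged and start is not None:
            out.append((start, i - 1))
            start = None
    if start is not None:
        out.append((start, len(flags) - 1))
    return out


def durations_s(eps, interval_s=POLL_INTERVAL_S):
    """Episode length in seconds; granularity is the poll interval, so one flagged
    poll counts as one full interval (this is why a 5-minute poll cannot resolve
    anomalies shorter than 5 minutes)."""
    return [(last - first + 1) * interval_s for first, last in eps]


def inter_anomaly_times_s(eps, interval_s=POLL_INTERVAL_S):
    """Quiet time between the end of one episode and the start of the next
    (assumed definition; start-to-start is the other common choice)."""
    return [(nxt[0] - prev[1] - 1) * interval_s for prev, nxt in zip(eps, eps[1:])]


def share_at_most(values, limit):
    """Fraction of values <= limit, e.g. the share of anomalies lasting one poll."""
    return sum(v <= limit for v in values) / len(values) if values else 0.0


def analyse(samples):
    """Full pipeline: counter samples -> increments -> flags -> episodes -> statistics."""
    per_poll = counter_deltas(samples)
    eps = episodes(anomaly_flags(per_poll))
    durs = durations_s(eps)
    return {
        "episodes": eps,
        "durations_s": durs,
        "gaps_s": inter_anomaly_times_s(eps),
        "share_one_poll": share_at_most(durs, POLL_INTERVAL_S),
    }


if __name__ == "__main__":
    print(analyse(COUNTER_SAMPLES))
```

On the constructed data the two bursts give two episodes of 300 s and 600 s with a 1500 s quiet gap between them, so half of the anomalies last one poll or less. The `share_at_most` figure is the kind of summary the abstract reports ("most anomalies lasted less than five minutes"), and the duration granularity comment is the caveat to keep in mind when reading it: with 5-minute polling, every single-poll anomaly is reported as exactly one interval long.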


Original document

The different versions of the original document can be found in:

http://dx.doi.org/10.1007/11753810_12 under the license http://www.springer.com/tdm
https://dblp.uni-trier.de/db/conf/networking/networking2006.html#RamahAK06
https://homepages.laas.fr/owe/METROSEC/DOC/networkingfinal.pdf
https://rd.springer.com/chapter/10.1007/11753810_12
https://academic.microsoft.com/#/detail/1884204598

Document information

Published on 01/01/2006

Volume 2006, 2006
DOI: 10.1007/11753810_12
Licence: CC BY-NC-SA license
