Computer and Computational Sciences, International Multi-Symposiums on (2006)
Hangzhou, Zhejiang, China
June 20, 2006 to June 24, 2006
Lu Guang , Zhejiang University, China
Yu Fei , Graduate School of Chinese Academy of Sciences, China
Guangxue Yue , Hunan University, China
Miaoliang Zhu , Zhejiang University, China
The research community is interested in finding effective methods to detect network traffic anomalies such as the propagation of a new worm, and to raise alarm in time. In this paper we research the principle that the number of network traffic can affect self-similarity of network traffics, and analyze the variety of self-similarity caused by abnormal network traffic. We propose a network traffic model on normal behaviors of users. An approach, which is applied to determine whether or not abnormal network traffic exists by comparing Hurst parameter with predefined threshold, is also presented. At last, implementation of network worm detecting agent in NP is described. Results of evaluation show that detecting agent performs very well in test-bed.
Worm, Self-Similarity, Intrusion Alarm, Network Traffic Character
L. Guang, Y. Fei, M. Zhu and G. Yue, "Worm Intrusion Alarm Modeling Based on Network Traffic Character," Computer and Computational Sciences, International Multi-Symposiums on(IMSCCS), Hangzhou, Zhejiang, China, 2006, pp. 142-147.