On detecting unidentified network traffic using pattern‐based random walk

Bibliographic Details
Published in: Security and communication networks Vol. 9; no. 16; pp. 3509 - 3526
Main Authors: Nia, Mehran Alidoost; Atani, Reza Ebrahimi; Fabian, Benjamin; Babulak, Eduard
Format: Journal Article
Language: English
Published: London, Hindawi Limited, 10.11.2016
Summary: This paper presents a new approach to network traffic control based on the pattern theorem. In order to generate unique detection patterns for the process of traffic analysis, a self‐avoiding walk algorithm is used. During data processing and analysis, the traffic patterns are adapted dynamically in real‐time. The modified traffic patterns are systematically analyzed using a threat database. In this work, a threshold is set to distinguish and trigger critical levels of threats. The matching process is terminated under each of the three conditions: (i) pattern matching rate is up to 80%; (ii) pattern matching rates of at least five various threats are up to 50%; and (iii) pattern matching is enhanced up to 50% for each matched pattern using an implicit combination of threat coefficients. Our experimental results show that in the worst‐case scenario, the true detection rate of malicious traffic is higher than 69%, and in the best situation, it would be about 95% for the same malicious traffic. Also, the precision of false detection for trusted patterns is negligible. Copyright © 2016 John Wiley & Sons, Ltd.

This paper presents a new approach to network traffic control based on pattern theorem. In order to generate unique patterns, self‐avoiding walk algorithm is used. The modified traffic patterns are analyzed using a threat database, and a threshold is set to distinguish levels of threats. Our experimental results show that in the worst‐case scenario, the true detection rate of malicious traffic is higher than 69%. In the best situation, it would be about 95% for the same malicious traffic.
ISSN: 1939-0114, 1939-0122
DOI: 10.1002/sec.1557