A Real-Time Network Traffic Anomaly Detection Scheme Using NetFlow Data


The KIPS Transactions:PartC, Vol. 12, No. 1, pp. 19-28, Feb. 2005
DOI: 10.3745/KIPSTC.2005.12.1.19

Abstract

Recently, interest in detecting network traffic anomalies to help protect computer networks from unknown attacks has increased sharply. In this paper, we propose a new anomaly detection scheme that applies simple linear regression analysis to NetFlow data, such as bits per second and flows per second, exported from a border router at a campus network. To verify the proposed scheme, we apply it to a real campus network and compare the results with the Holt-Winters seasonal algorithm. In particular, we integrate it into RRDtool to detect anomalies in real time.



Cite this article
[IEEE Style]
K. H. Kang, J. S. Jang, K. Y. Kim, "A Real-Time Network Traffic Anomaly Detection Scheme Using NetFlow Data," The KIPS Transactions:PartC, vol. 12, no. 1, pp. 19-28, 2005. DOI: 10.3745/KIPSTC.2005.12.1.19.

[ACM Style]
Koo Hong Kang, Jong Soo Jang, and Ki Young Kim. 2005. A Real-Time Network Traffic Anomaly Detection Scheme Using NetFlow Data. The KIPS Transactions:PartC, 12, 1, (2005), 19-28. DOI: 10.3745/KIPSTC.2005.12.1.19.