Marcos V. O. de Assis

A seven-dimensional flow analysis to help autonomous network management

Abstract Due to the increasing need of more agility in information exchange, computer networks are continuously expanding both in magnitude and complexity of the management processes. An essential component of these processes is the anomaly detection and identification. Although there are several studies in this area, simple and efficient anomaly detection mechanisms are still required due to the lack of suitable approaches for large-scale network environments. In this paper, we present an anomaly detection system using a seven-dimensional flow analysis. The core of this system is composed by the Holt–Winters for Digital Signature (HWDS) method, an improvement of the traditional Holt–Winters, which characterizes the traffic of each one of the analyzed dimensions in order to generate profiles able to describe the network’s normal behavior, here called Digital Signature of Network Segment using Flow analysis (DSNSF). The low complexity of the presented approach enables fast anomaly detection, mitigating the impact on final users. The system not only warns the network administrator about the problem, but also provides the necessary information to identify and solve it. To measure the efficiency and accuracy of the system, we use real data collected from a large-scale network environment.

Holt-Winters statistical forecasting and ACO metaheuristic for traffic characterization

Due to modernization, expansion of computer networks has become an inevitable process. However, this growth is also accompanied by increased complexity, which makes it necessary to use resources that assist the management of these networks. In this paper, we propose a traffic characterization using two-dimensional flow analysis for modeling the behavior traffic pattern, here called Digital Signature of Network Segment Using Flow Analysis (DSNSF). To accomplish this task we have used the improved Holt-Winters forecasting and Ant Colony Optimization metaheuristic methods. The DSNSF obtained by each model are compared to a real traffic of packets and bits and then subjected to specific evaluations in order to measure its accuracy.

A novel anomaly detection system based on seven-dimensional flow analysis

Anomaly detection in large-scale networks is not a simple task, although there are several studies in this area. The continuous expansion of computer networks results in increased complexity of management processes. Thus, simple and efficient anomaly detection mechanisms are required in order to assist the management of these networks. In this paper, we present an anomaly detection system using a seven-dimensional flow analysis. To accomplish this objective, we used the improved Holt-Winters forecasting method on the traffic characterization of each one of the different analyzed dimensions, here called Digital Signature of Network Segment using Flow analysis (DSNSF). The system not only warns the network administrator about the problem, but also provides the necessary information to solve it. Real data are collected and used by the system to measure its efficiency and accuracy.

Time Series Forecasting Methods for Creating Digital Signature of Network Segments Using Flow Analysis

This paper presents the use of two methods for creating a digital signature of a network segment based on flow analysis (DSNSF), which can be defined as a traffic characterization of a network segment. This characterization is achieved through the statistical forecasting method Holt-Winters. Furthermore, a modification is proposed to this traditional method aiming towards better results in its use for creating DSNSF. The data used in the tests are flows collected through NetFlow v9. The results demonstrate that the proposed amendment on the Holt-Winters method showed better results creating DSNSF than the traditional method.

A Game Theoretical Based System Using Holt-Winters and Genetic Algorithm With Fuzzy Logic for DoS/DDoS Mitigation on SDN Networks

The ever expanding the usage of cloud computing environments, connected applications and Internet of Things-based devices have progressively increased the amount of data that travels through our networks. Software-defined network (SDN) is an emergent paradigm that aims to support next-generation networks through its flexible and powerful management mechanisms. One of the biggest threats faced by these services nowadays is security management. Attacks based on the denial of service (DoS) are particularly efficient against this paradigm due to its centralized control characteristic. Once this controlling system receives a massive amount of malicious requests, the overall performance of the network operation is impaired. Although several researches propose to address this problem, most of them are reactive approaches, detecting the attacks and warning the network administrators, i.e., after the network is already compromised. This paper presents an autonomic DoS/DDoS defensive approach for SDNs called Game Theory (GT)-Holt-Winters for Digital Signature (HWDS), which unites the anomaly detection and identification provided by an HWDS system with an autonomous decision-making model based on GT. Real collected data and simulated attacks are used by the system to measure its effectiveness and efficiency. Furthermore, we also use a heuristic Fuzzy-GADS method for anomaly detection instead of HWDS, aiming to compare the achieved performance and evaluate the behavior of the presented game theoretical approaches a standalone mitigation module.

A hybrid approach for anomaly detection on large-scale networks using HWDS and entropy

The constant growth in scale and complexity of computer networks in recent years has led to the need for more powerful anomaly detection tools and approaches. Several researches have been developed in this area, focusing on the detection of volume anomalies through the analysis of quantitative flow features, like bits or packages per second. This paper presents a hybrid approach of anomaly detection based on the traffic characterization of four qualitative flow features using the Shannon entropy: IP addresses and ports of origin and destination. In order to achieve a traffic characterization of the four analyzed dimensions, we use the Holt-Winters for Digital Signature (HWDS) method. It is an improvement of the traditional method which is able to efficiently characterize the traffic, generating a Digital Signature of Network Segment using Flow analysis (DSNSF) for each dimension. The presented approach is tested using real data collected at the State University of Londrina - Brazil aiming to determine the performance outcomes of the approach in both traffic characterization and anomaly detection processes.

Digital Signature of Network Segment using PCA, ACO and Holt-Winters for network management

The practicality and convenience provided by computer networks made them indispensable, which resulted on their continuous growth both in size and complexity. Traffic monitoring became an arduous work, requiring autonomic mechanisms to describe the networks normal behavior. Thus, we introduce Digital Signature of Network Segment using Flow Analysis (DSNSF) as a mechanism to assist the networks management through traffic characterization. For this purpose, three methods belonging to different groups of algorithms are used: the statistical procedure Principal Component Analysis (PCA), the Ant Colony Optimization (ACO) metaheuristic and Holt-Winters forecasting method. We use real data for traffic characterization and evaluation of the proposed methods. The results demonstrate a good adaptability of these methods, and that generated DSNSFs can characterize the networks traffic effectively.