2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI), Tehran, pp. 257-262.
ISSN/ISBN: Not available at this time. DOI: 10.1109/KBEI.2015.7436057
Abstract: In this paper, from the perspective of Benford's law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford's law is an empirical law that describes the distribution of first digits in series of numbers in natural phenomena. We claim that Benford's law describes the inter-arrival time of UDP packets and flows in normal traffic of networks. As a result, any significant anomaly in UDP packets and flows including deliberate intrusions, unwanted errors or in general, network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In a recent work, the relationship between Weibull distribution and Benford's law was studied. In another work, the compliance of the inter-arrival time of UDP packets and flows from Weibull distribution is presented. In this paper, we have proposed a method for using Benford's law for detecting anomalies in inter-arrival time of UDP packets and flows. The proposed method can detect the UDP Flood attack with high detection rate.
Bibtex:
@INPROCEEDINGS{7436057,
author={Ali Naghash Asadi},
booktitle={2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI)},
title={An approach for detecting anomalies by assessing the inter-arrival time of UDP packets and flows using Benford's law},
year={2015},
pages={257--262},
doi={10.1109/KBEI.2015.7436057},
ISSN={},
month={Nov},
}
Reference Type: Conference Paper
Subject Area(s): Computer Science