Iorliam, A (2019)

Natural Laws (Benford’s Law and Zipf’s Law) for Network Traffic Analysis

In: Cybersecurity in Nigeria. SpringerBriefs in Cybersecurity. Springer, Cham, pp. 3-22.

ISSN/ISBN: 978-3-030-15210-9 DOI: 10.1007/978-3-030-15210-9_2



Abstract: Recently, Benford’s law and Zipf’s law, which are both statistical laws, have been effectively used to distinguish between authentic data and fake data. Some similarities that exist between Benford’s law and Zipf’s law are that both of these laws are classified as natural laws. Also, both laws are Power laws and it is expected that distributions that follow Benford’s law should also follow Zipf’s law. Even though both laws have similarities, there exist some differences between these two laws. Benford’s law establishes a relationship between digit and frequency. In contrast, Zipf’s law shows a relationship between rank and frequency. Another difference that exists between these two laws is that Benford’s law applies to numeric attributes, whereas Zipf’s law applies to both numeric and string attributes. In this chapter, we perform a comparative analysis of these two laws on network traffic data to determine whether they follow these laws and discriminate between non-malicious and malicious network traffic flows. We observe that both the laws effectively detected whether a particular network was non-malicious or malicious by investigating its data using these laws. Furthermore, we observe that the initial Benford’s law chi-square divergence values obtained seem to be inversely proportional to Zipf’s law P-values, which can be potentially exploited for intrusion detection system applications. These passive forensic detection methods, when properly deployed to analyse network traffic data in Nigeria, will save the Nigerian cyber space from malware and related attacks.


Bibtex:
@Inbook{,
  author="Iorliam, Aamo",
  title="Natural Laws (Benford's Law and Zipf's Law) for Network Traffic Analysis",
  bookTitle="Cybersecurity in Nigeria: A Case Study of Surveillance and Prevention of Digital Crime",
  year="2019",
  publisher="Springer International Publishing",
  address="Cham",
  pages="3--22",
  isbn="978-3-030-15210-9",
  doi="10.1007/978-3-030-15210-9_2",
  url="https://doi.org/10.1007/978-3-030-15210-9_2"
}


Reference Type: Book Chapter

Subject Area(s): Accounting, Computer Science