Gottwalt, F, Waller, A and Liu, W (2016)

Natural Laws as a Baseline for Network Anomaly Detection

In: Proceedings of 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 370-377.

ISSN/ISBN: Not available at this time. DOI: 10.1109/TrustCom.2016.0086

Abstract: The major challenges current network anomaly detection methods are facing are how to handle large amounts of data and how to model normal and anomalous behaviour in continuously changing environments. To address these issues, this paper investigates the applicability of natural laws as a baseline for network anomaly detection. Natural laws have the advantage of being computationally efficient without the requirement of a training phase and they have successfully shown their potential to detect anomalies in other areas. To evaluate if natural laws can be used to detect anomalies in network traffic, it is essential in a first step to find out if normal traffic obeys a natural law. For that, several TCP flow characteristics have been empirically evaluated against their compliance with three natural laws for normal, benign traffic. The results have shown that almost all characteristics do have a connection to the natural laws with some following them very accurately. The first precondition for the approach is thereby fulfilled and in our next work we are going to evaluate the approach on data containing anomalies.

@INPROCEEDINGS{,
  author={Florian Gottwalt and Adrian Waller and Weiru Liu},
  booktitle={2016 IEEE Trustcom/BigDataSE/ISPA},
  title={Natural Laws as a Baseline for Network Anomaly Detection},
  year={2016},
  url={},
  pages={370--377},
  doi={10.1109/TrustCom.2016.0086},
  ISSN={2324-9013},
  month={Aug},
}

Reference Type: Conference Paper

Subject Area(s): Accounting, Computer Science