Abstract
In this paper, we analyze Internet traffic from a different point of view based on Benford's law, an empirical law that describes the distribution of leading digits in collections of numbers arising from naturally occurring phenomena. We claim that Benford's law holds for the inter-arrival times of TCP flows in the case of normal traffic. Consequently, any type of anomaly affecting TCP flows, including intentional intrusions or unintended faults and network failures in general, can be detected by investigating the first-digit distributions of the inter-arrival times of TCP SYN packets. In this paper we apply our findings to the detection of intentional attacks and leave other types of anomalies for future work. We support our claim with related research indicating that TCP flow inter-arrival times can be modeled by a Weibull distribution with shape parameter less than 1, and we show the relation between Weibull-distributed data and Benford's law. Finally, we validate our findings on real traffic and achieve encouraging results.
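The first-digit check described in the abstract, as an added example that is not code from the paper: it compares the leading digits of SYN inter-arrival times against Benford's law with a Pearson chi-square statistic. The chi-square threshold, the window size, the function names and both traces (Weibull gaps with shape 0.5, and near-constant 2 ms gaps) are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter
from itertools import accumulate

# Benford's law: P(d) = log10(1 + 1/d) for leading digit d = 1..9
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}
# Assumed threshold (not from the paper): chi-square, 8 dof, p = 0.001
CHI2_CRITICAL = 26.12


def first_digit(x):
    """Leading significant digit of a positive number."""
    return int(f"{x:.15e}"[0])


def interarrival_times(timestamps):
    """Gaps between consecutive SYN arrival timestamps (seconds)."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:]) if b > a]


def benford_chi2(gaps):
    """Pearson chi-square of observed first digits against Benford."""
    counts = Counter(first_digit(g) for g in gaps)
    n = sum(counts.values())
    if n == 0:
        raise ValueError("no positive inter-arrival times in window")
    return sum((counts[d] - n * p) ** 2 / (n * p) for d, p in BENFORD.items())


def looks_anomalous(timestamps):
    return benford_chi2(interarrival_times(timestamps)) > CHI2_CRITICAL


def constructed_trace(gap_fn, n=5000):
    """SYN timestamps built by accumulating n generated gaps."""
    return list(accumulate(gap_fn() for _ in range(n)))


rng = random.Random(7)
# Constructed "normal" window: Weibull gaps, scale 0.05 s, shape 0.5 (< 1)
NORMAL = constructed_trace(lambda: rng.weibullvariate(0.05, 0.5))
# Constructed anomalous window: near-constant gaps of about 2 ms
FLOOD = constructed_trace(lambda: rng.uniform(0.0018, 0.0022))

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("flood", FLOOD)):
        chi2 = benford_chi2(interarrival_times(trace))
        print(f"{name}: chi2={chi2:.1f} anomalous={looks_anomalous(trace)}")
```

Because the chi-square statistic grows with sample size, the threshold only makes sense for a fixed window length; a deployment would calibrate it on its own baseline traffic.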