Abstract

IP packets are known to have long-range dependence and show self-similar properties. However, TCP flows (sets of related IP packets that form a TCP connection), which are considered to be generated by a large population of users and consequently mutually independent, seem to be best modeled by either Poisson processes with exponential inter-arrival times or heavy-tailed distributions such as the Weibull distribution. In this paper, we show that regardless of the number of active nodes in a network, the inter-arrival times of TCP flows conform to the Weibull distribution, and that any irregularity in the traffic causes deviations in the distribution of the inter-arrival times and so can be detected. This leads to a straightforward method for anomaly detection by which we are able to identify the anomalous part(s) of the traffic. We first apply the median-rank method to estimate the Weibull distribution parameters of the traffic, then check the conformity of the data against a Weibull distribution with the estimated parameters, and determine whether the traffic is normal or not based on the chi-square test.
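
The two-step check described above (median-rank estimation, then a chi-square conformity test), as an added example that is not the paper's own code. It assumes Bernard's approximation for the median ranks, 10 equiprobable bins and a 5% significance level, none of which the abstract specifies; the function names and the sample inter-arrival times are constructed for illustration.

```python
import math

CHI2_CRIT_DF7 = 14.067  # chi-square critical value, alpha = 0.05, df = 10 bins - 1 - 2 fitted params

def median_rank_fit(gaps):
    """Estimate Weibull (shape, scale) by least squares on median ranks."""
    xs = sorted(gaps)
    n = len(xs)
    # Assumption: Bernard's approximation (i - 0.3) / (n + 0.4) for the i-th median rank.
    pts = [(math.log(x), math.log(-math.log(1 - (i - 0.3) / (n + 0.4))))
           for i, x in enumerate(xs, start=1)]
    mx = sum(px for px, _ in pts) / n
    my = sum(py for _, py in pts) / n
    slope = (sum((px - mx) * (py - my) for px, py in pts)
             / sum((px - mx) ** 2 for px, _ in pts))
    # ln(-ln(1 - F)) = k*ln(x) - k*ln(scale): slope is the shape k, intercept gives the scale.
    return slope, math.exp(mx - my / slope)

def chi_square(gaps, shape, scale, bins=10):
    """Pearson statistic over bins that are equiprobable under the fitted Weibull."""
    counts = [0] * bins
    for x in gaps:
        cdf = 1 - math.exp(-((x / scale) ** shape))
        counts[min(int(cdf * bins), bins - 1)] += 1
    expected = len(gaps) / bins
    return sum((c - expected) ** 2 / expected for c in counts)

def is_anomalous(gaps, critical=CHI2_CRIT_DF7):
    """True when the window of inter-arrival times fails the conformity test (10 bins)."""
    shape, scale = median_rank_fit(gaps)
    return chi_square(gaps, shape, scale, bins=10) > critical

def weibull_quantiles(n, shape, scale):
    """Constructed sample: n evenly spaced quantiles of a Weibull distribution."""
    return [scale * (-math.log(1 - (i - 0.5) / n)) ** (1 / shape)
            for i in range(1, n + 1)]

# Constructed flow inter-arrival times in seconds (not measurements from the paper).
NORMAL = weibull_quantiles(500, 0.8, 0.05)
BURST = NORMAL + [0.0005] * 300  # same window plus a run of identical, very short gaps

if __name__ == "__main__":
    for name, gaps in (("normal", NORMAL), ("burst", BURST)):
        k, lam = median_rank_fit(gaps)
        print(name, round(k, 3), round(lam, 4), round(chi_square(gaps, k, lam), 1), is_anomalous(gaps))
```

In practice the check would run per time window of flow start timestamps, so that a failing window marks the anomalous part of the traffic.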
