Traffic Gathering and Analysis Algorithm for Attack Detection

공격 탐지를 위한 트래픽 수집 및 분석 알고리즘

  • 유대성 (충북대학교 컴퓨터공학과) ;
  • 오창석 (충북대학교 전기전자컴퓨터공학부)
  • Published : 2004.12.01

Abstract

In this paper, a traffic trend analysis based SNMP algorithm is proposed for improving the problem of existing traffic analysis using SNMP. The existing traffic analysis method has a vulnerability that is taken much time In analyzing by using a threshold and not detected a harmful traffic at the point of transition. The method that is proposed in this paper can solve the problems that the existing method had, simultaneously using traffic trend analysis of the day, traffic trend analysis happening in each protocol and MIB object analysis responding to attacks instead of using the threshold. The algorithm proposed in this paper will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks. When traffic happens, it can detect the abnormality through the three analysis methods previously mentioned. After that, if abnormal traffic overlaps in at least two of the three methods, we can consider it as harmful traffic. The proposed algorithm will analyze harmful traffic more quickly and more precisely; hence it can reduce the damage made by traffic flooding attacks.

Keywords

SNMP;MIB;Threshold;Traffic Trend Analysis;Traffic Flooding Attack