An Automatic and Generic Early-Bird System for Internet Backbone Based on Traffic Anomaly Detection

摘要

Worm and Dos, DDos attacks take place more and more frequently nowadays. It makes the internet security facing serious threat. In this paper, we introduced the algorithm and design of ESTABD, an internet backbone Early-bird System of Traffic Anomaly Detection Based. By observing the raw variables such as packets count of protocol, TCP flags and payload length distribution etc., ESTABD analyzes real-time traffic to discover the abrupt traffic anomalous and generate warnings. A traffic anomaly detection algorithm based on Statistic Prediction theory is put forward and the algorithm has been tested on real network data. Further more, Alerts correlation algorithm and system policy are addressed in this paper to detect the known worms& Dos attacks and potentially unknown threats.