Chaotic Models and Anomaly Detection for Complex Data Networks

Abstract

Our main goal was to detect and describe deterministic aspects of traffic behavior in data networks, in order to provide a basis for better detection of anomalous network activity. We also sought to characterize the robustness of complex data networks to (possibly malicious) perturbations, in order to help engineer against disruptions. Throughout this project we have developed dynamical systems models for TCP network traffic on networks of increasing complexity, guided by real packet-level data and network simulation software. We also developed techniques for estimating the network state (e.g., router queue sizes and round-trip times of data flows) from packet-level data. We investigated methods for short-term prediction of "normal" network activity to use as a baseline for anomaly detection. We modeled peer-to-peer network activity and developed methods for detecting such activity. Finally, we examined the stability of TCP network dynamics and their response to perturbations that could be used as low-volume denial-of-service attacks. We found large-scale network dynamics to be robust to such perturbations, but identified mechanisms for localized disruptions.

Document Details

Document Type: Technical Report
Publication Date: Jan 27, 2012
Accession Number: ADA563464

Entities

People

  • Brian R. Hunt
  • Edward Ott
  • James A. Yorke

Organizations

  • University of Maryland

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Computer Networks
  • Computers
  • Congestion
  • Denial Of Service Attack
  • Detection
  • Dynamics
  • Engineers
  • Information Operations
  • Networks
  • Perturbations
  • Simulations
  • Simulators
  • Students
  • Transport Protocols
  • Universities

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Theoretical Analysis