Volume 7 - Issue 2
Network flows analysis using compression
Abstract
Misleading attacks pose a huge threat to any anomaly detector with signature generation. Using a compression technique, we propose a method of coping with misleading attacks. We describe three situations that may occur and filter all the misleading attacks in the suspicious flows. This study suggests that Normalized Compression Distance can be an effective metric for the identification of network traffic flows.
Paper Details
PaperID: 79953739880
Author's Name: Ma, J., Dai, G., Yan, Y.
Volume: Volume 7
Issues: Issue 2
Keywords: Misleading attack, Normal compression distance, Polymorphic worms
Year: 2011
Month: February
Pages: 334 - 341