Flow based Sequential Grouping System for Malicious Traffic Detection

• Jee-Tae Park,
• Ui-Jun Baek,
• Min-Seong Lee,
• Young-Hoon Goo,
• Sung-Ho Lee,
• Myung-Sup Kim,

Vol. 15, No. 10, October 31, 2021
10.3837/tiis.2021.10.016, Download Paper (Free):

• Traffic Classification
• Flow Correlation Index
• Malicious Traffic Detection
• Flow Information

Abstract

With the rapid development of science and technology, several high-performance networks have emerged with various new applications. Consequently, financially or socially motivated attacks on specific networks have also steadily become more complicated and sophisticated. To reduce the damage caused by such attacks, administration of network traffic flow in real-time and precise analysis of past attack traffic have become imperative. Although various traffic analysis methods have been studied recently, they continue to suffer from performance limitations and are generally too complicated to apply in existing systems. To address this problem, we propose a method to calculate the correlation between the malicious and normal flows and classify attack traffics based on the corresponding correlation values. In order to evaluate the performance of the proposed method, we conducted several experiments using examples of real malicious traffic and normal traffic. The evaluation was performed with respect to three metrics: recall, precision, and f-measure. The experimental results verified high performance of the proposed method with respect to first two metrics.

Statistics

Cite this article