Title: ATMSim: a Hadoop and self-similarity-based simulator for collecting, detecting, measuring and analysing anomalous traffic
Authors: Hae-Duck J. Jeong; Myeong-Un Ryu; Min-Jun Ji; You-Been Cho; Sang-Kug Ye; Jong-Suk R. Lee
Addresses: Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' FinTech, Kakao Corp., Seoul, South Korea ' Department of Advanced Application Environment Development, National Institute of Supercomputing and Networking, Korea Institute of Science and Technology Information, Daejeon, South Korea
Abstract: Recent developments in information and communication networks as well as the popularity of smartphones have been contributing to a geometrical increase in internet traffic. In relation to this, this study aims to collect, detect, measure and analyse the DDoS attacks typical of increasing security incidents on internet and network attacks. To this end, a large volume of normal traffic, coming in through an internal LAN of a university, and anomalous traffic including DDoS attacks using an ATMSim analysis package operating on the basis of network flow information, was generated. The self-similarity estimation techniques were used to analyse the behaviour of the collected and generated normal and anomalous traffic. This information was then used to prove graphically and quantitatively that the analysis reveals a great difference between the normal traffic and the anomalous traffic in terms of self-similarity.
Keywords: anomalous traffic; ATMSim; big data; DDoS attack; Hadoop; stochastic self-similar process.
International Journal of Web and Grid Services, 2017 Vol.13 No.3, pp.334 - 350
Available online: 04 Jul 2017 *Full-text access for editors Access for subscribers Purchase this article Comment on this article