Article: ATMSim: a Hadoop and self-similarity-based simulator for collecting, detecting, measuring and analysing anomalous traffic Journal: International Journal of Web and Grid Services (IJWGS) 2017 Vol.13 No.3 pp.334 - 350 Abstract: Recent developments in information and communication networks as well as the popularity of smartphones have been contributing to a geometrical increase in internet traffic. In relation to this, this study aims to collect, detect, measure and analyse the DDoS attacks typical of increasing security incidents on internet and network attacks. To this end, a large volume of normal traffic, coming in through an internal LAN of a university, and anomalous traffic including DDoS attacks using an ATMSim analysis package operating on the basis of network flow information, was generated. The self-similarity estimation techniques were used to analyse the behaviour of the collected and generated normal and anomalous traffic. This information was then used to prove graphically and quantitatively that the analysis reveals a great difference between the normal traffic and the anomalous traffic in terms of self-similarity. Inderscience Publishers - linking academia, business and industry through research

Title: ATMSim: a Hadoop and self-similarity-based simulator for collecting, detecting, measuring and analysing anomalous traffic

Authors: Hae-Duck J. Jeong; Myeong-Un Ryu; Min-Jun Ji; You-Been Cho; Sang-Kug Ye; Jong-Suk R. Lee

Addresses: Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' Department of Computer Software, Korean Bible University, Seoul, South Korea ' FinTech, Kakao Corp., Seoul, South Korea ' Department of Advanced Application Environment Development, National Institute of Supercomputing and Networking, Korea Institute of Science and Technology Information, Daejeon, South Korea

Abstract: Recent developments in information and communication networks as well as the popularity of smartphones have been contributing to a geometrical increase in internet traffic. In relation to this, this study aims to collect, detect, measure and analyse the DDoS attacks typical of increasing security incidents on internet and network attacks. To this end, a large volume of normal traffic, coming in through an internal LAN of a university, and anomalous traffic including DDoS attacks using an ATMSim analysis package operating on the basis of network flow information, was generated. The self-similarity estimation techniques were used to analyse the behaviour of the collected and generated normal and anomalous traffic. This information was then used to prove graphically and quantitatively that the analysis reveals a great difference between the normal traffic and the anomalous traffic in terms of self-similarity.

Keywords: anomalous traffic; ATMSim; big data; DDoS attack; Hadoop; stochastic self-similar process.

DOI: 10.1504/IJWGS.2017.085148

International Journal of Web and Grid Services, 2017 Vol.13 No.3, pp.334 - 350

Published online: 13 Jul 2017 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article

Title: ATMSim: a Hadoop and self-similarity-based simulator for collecting, detecting, measuring and analysing anomalous traffic

Keep up-to-date