
Network Traffic Anomalies

  • ali@fuzzywireless.com
  • Mar 4, 2022
  • 2 min read

Machine-generated attacks can be carried out in many ways, but two methods dominate: bot-net based attacks and proxy-based attacks (Soldo & Metwally, 2012). Bot-net based attacks use a large number of host machines, each generating little traffic, while proxy-based attacks use fewer nodes and route the traffic through proxies to hide the originating IP addresses. Both kinds of attack leave a characteristic signature in the distribution of IP size (Soldo & Metwally, 2012).


Soldo and Metwally (2012) presented a framework that detects anomalies as deviations of the observed traffic from the expected IP size distribution. The framework draws on historical data and domain insight and estimates the expected IP size distribution with statistical learning techniques. The approach was validated on 90 days' worth of Google's click logs (Soldo & Metwally, 2012).


Metwally, Soldo, Paduano and Chhabra (2014), in the volume edited by Sakr and Gaber, define IP size as the number of users sharing the same IP address. Estimating it is a significant challenge in itself, because multiple users can share the same host machine or sit behind network address translation (NAT). A probabilistic model is built for each IP address using Google's IP size estimation system together with application logs of trusted users, search queries and ad clicks (Soldo & Metwally, 2012). Desktop and mobile traffic show distinct IP size characteristics: desktop addresses tend to map to few users, while mobile gateways place many users behind a single address, so the two can be told apart.
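The following is an added example written for this page, not code from Soldo and Metwally or from Google. It implements the idea of the two paragraphs above on constructed click data: IP size is computed as the number of distinct users seen behind an address, traffic is binned by IP size, and a window of traffic is compared against a historical baseline. The divergence statistic (KL divergence over size buckets) and the per-IP clicks-per-user check are my choices for illustration; the paper's own estimator is different. The addresses, user IDs and thresholds are all assumptions.

```python
"""Added example: IP-size-distribution anomaly detection on constructed data.

A click is recorded as (ip, user_id). IP size is the number of distinct users
observed behind an address in the window; traffic is bucketed by log2(size)
so that "1 user", "2-3 users", "4-7 users", ... form the bins of the distribution.
"""
from collections import Counter, defaultdict
import math


def ip_sizes(clicks):
    """IP size per address: distinct users seen behind it (NAT/proxy => large)."""
    users = defaultdict(set)
    for ip, user in clicks:
        users[ip].add(user)
    return {ip: len(u) for ip, u in users.items()}


def size_bucket(size):
    """Logarithmic size bucket: 1 -> 0, 2-3 -> 1, 4-7 -> 2, 8-15 -> 3, ..."""
    return int(math.log2(size))


def click_distribution(clicks):
    """Fraction of all clicks that fall in each IP-size bucket."""
    sizes = ip_sizes(clicks)
    counts = Counter(size_bucket(sizes[ip]) for ip, _ in clicks)
    total = sum(counts.values())
    return {b: n / total for b, n in counts.items()}


def kl_divergence(observed, expected, eps=1e-9):
    """D_KL(observed || expected) over the union of buckets; eps avoids log(0)."""
    buckets = set(observed) | set(expected)
    return sum(
        observed.get(b, 0.0)
        * math.log((observed.get(b, 0.0) + eps) / (expected.get(b, 0.0) + eps))
        for b in buckets
    )


def clicks_per_user_by_bucket(clicks):
    """Baseline rate: mean clicks per user for the IPs in each size bucket."""
    sizes = ip_sizes(clicks)
    per_ip = Counter(ip for ip, _ in clicks)
    rates = defaultdict(list)
    for ip, n in per_ip.items():
        rates[size_bucket(sizes[ip])].append(n / sizes[ip])
    return {b: sum(r) / len(r) for b, r in rates.items()}


def detect(baseline, window, kl_threshold=0.1, rate_factor=3.0):
    """Return (kl, distribution_anomalous, hot_ips).

    kl: divergence of the window's size distribution from the baseline; a
    botnet pushes mass into the smallest buckets, a proxy into the largest.
    hot_ips: addresses whose clicks-per-user exceed rate_factor x the baseline
    rate for their size bucket (a proxy funnelling many clicks through few IPs).
    Thresholds are illustrative assumptions, not values from the paper.
    """
    expected = click_distribution(baseline)
    observed = click_distribution(window)
    kl = kl_divergence(observed, expected)

    base_rate = clicks_per_user_by_bucket(baseline)
    sizes = ip_sizes(window)
    per_ip = Counter(ip for ip, _ in window)
    hot = sorted(
        ip for ip, n in per_ip.items()
        if n / sizes[ip] > rate_factor * base_rate.get(size_bucket(sizes[ip]), 1.0)
    )
    return kl, kl > kl_threshold, hot


def make_clicks(prefix, n_ips, users_per_ip, clicks_per_user):
    """Constructed traffic: n_ips addresses, each with users_per_ip distinct users."""
    clicks = []
    for i in range(n_ips):
        ip = f"{prefix}.{i}"
        for u in range(users_per_ip):
            clicks.extend([(ip, f"{ip}-u{u}")] * clicks_per_user)
    return clicks


# Constructed "historic" baseline: a mix of single-user hosts and NAT gateways.
BASELINE = (
    make_clicks("10.0.0", 40, 1, 1)
    + make_clicks("10.0.1", 20, 3, 1)
    + make_clicks("10.0.2", 10, 6, 1)
    + make_clicks("10.0.3", 5, 12, 1)
    + make_clicks("10.0.4", 2, 24, 1)
)
# Botnet window: 300 extra hosts, one user each, one click each.
BOTNET_WINDOW = BASELINE + make_clicks("192.0.2", 300, 1, 1)
# Proxy window: two addresses fronting 30 "users" each, 10 clicks per user.
PROXY_WINDOW = BASELINE + make_clicks("198.51.100", 2, 30, 10)

if __name__ == "__main__":
    for name, window in [("normal", BASELINE), ("botnet", BOTNET_WINDOW), ("proxy", PROXY_WINDOW)]:
        kl, flagged, hot = detect(BASELINE, window)
        print(f"{name:7s} KL={kl:.3f} anomalous={flagged} hot_ips={hot}")
```

Running the block shows the two signatures separately: the botnet window is caught only by the distribution shift (each bot looks like an ordinary single-user host, so no individual IP is "hot"), while the proxy window is caught both by the shift toward large IP sizes and by the per-IP rate check. In a real deployment the baseline would come from the historical logs the framework is trained on, and the window would be a recent slice of the same logs.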


A classifier was developed using a quality score to determine whether an ad click came from a legitimate email address (Soldo & Metwally, 2012). Similarly, a fraud score is defined as the ratio of fraudulent clicks to the total number of clicks. Google's blacklists, namely the Gmail blacklist and the spam list, were used to determine whether the clicks were associated with abusive traffic in the past. The framework improved accuracy over other methods and is currently in use as part of Google's fraud defense system (Soldo & Metwally, 2012).


Reference:


Soldo, F., & Metwally, A. (2012). Traffic anomaly detection based on the IP size distribution. In Proceedings of IEEE INFOCOM 2012.


Metwally, A., Soldo, F., Paduano, M., & Chhabra, M. (2014). Large-scale network traffic analysis for estimating the size of IP addresses and detecting traffic anomalies. In S. Sakr & M. M. Gaber (Eds.), Large scale and big data: Processing and management (pp. 435-462). Boca Raton, FL: CRC Press.


