Detection of Attack Traffic Using the Sequential Grouping Based on Flow Correlation 


Vol. 44,  No. 5, pp. 914-922, May  2019
10.7840/kics.2019.44.5.914


  Abstract

Today, network environments are growing dramatically, and malicious traffic attacks are becoming more sophisticated and complicated. Accurate analysis of malicious traffic is necessary to reduce and prevent the damage from such attacks. The most widely known methods are signature-based analysis and machine-learning-based analysis. Both methods have the advantages of high accuracy and a high detection rate, but they have drawbacks: the process is complicated, and they work only when their requirements are met. Recently, a method has been studied that calculates the correlation between flows from their statistical and header information and detects attacks using the correlation value. The statistical information includes packet size, and the header information includes the source and destination IP address, port number, and protocol of the flow. However, it takes a lot of time and money to obtain statistical information in a real environment. Therefore, in this paper, we propose a method to detect attack traffic by calculating flow correlation based on header information. To verify the validity of the proposed method, we conducted several experiments with real attack traffic, and the detection rate improved by 5~30% compared with the previous method.



  Cite this article

[IEEE Style]

J. Park, U. Baek, M. Lee, M. Shin, M. Kim, "Detection of Attack Traffic Using the Sequential Grouping Based on Flow Correlation," The Journal of Korean Institute of Communications and Information Sciences, vol. 44, no. 5, pp. 914-922, 2019. DOI: 10.7840/kics.2019.44.5.914.

[ACM Style]

Jee-Tae Park, Ui-Jun Baek, Min-Seob Lee, Mu-Gon Shin, and Myung-Sup Kim. 2019. Detection of Attack Traffic Using the Sequential Grouping Based on Flow Correlation. The Journal of Korean Institute of Communications and Information Sciences, 44, 5, (2019), 914-922. DOI: 10.7840/kics.2019.44.5.914.

[KICS Style]

Jee-Tae Park, Ui-Jun Baek, Min-Seob Lee, Mu-Gon Shin, Myung-Sup Kim, "Detection of Attack Traffic Using the Sequential Grouping Based on Flow Correlation," The Journal of Korean Institute of Communications and Information Sciences, vol. 44, no. 5, pp. 914-922, 5. 2019. (https://doi.org/10.7840/kics.2019.44.5.914)