Please use this identifier to cite or link to this item:
Full metadata record
DC FieldValueLanguage
dc.contributor.advisorTuğlular, Tuğkanen
dc.contributor.authorYarımtepe, Oğuz-
dc.descriptionThesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009en
dc.descriptionIncludes bibliographical references (leaves: 63-66)en
dc.descriptionText in English Abstract: Turkish and Englishen
dc.descriptionix, 80 leavesen
dc.description.abstractDetecting suspicious traffic and anomaly sources are a general tendency about approaching the traffic analyzing. Since the necessity of detecting anomalies, different approaches are developed with their software candidates. Either event based or signature based anomaly detection mechanism can be applied to analyze network traffic. Signature based approaches require the detected signatures of the past anomalies though event based approaches propose a more flexible approach that is defining application level abnormal anomalies is possible. Both approach focus on the implementing and defining abnormal traffic. The problem about anomaly is that there is not a common definition of anomaly for all protocols or malicious attacks. In this thesis it is aimed to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this approach, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows are presented. An adaptive network flow knowledge-base is derived. The knowledge-base is constructed using calculated flows attributes. A method to define known traffic is displayed by using the derived flow attributes. By using the attributes, analyzed flow is categorized as a known application level protocol. It is also explained a mathematical model to analyze the undefined traffic to display network traffic anomalies. The mathematical model is based on principle component analysis which is applied on the origindestination pair flows. By using metric based traffic characterization and principle component analysis it is observed that network traffic can be analyzed and some anomalies can be detected.en
dc.publisherIzmir Institute of Technologyen
dc.publisherIzmir Institute of Technologyen_US
dc.subject.lccQA76.9.A25 .Y28 2009en
dc.subject.lcshComputer securityen
dc.subject.lcshAnomaly detection (Computer security)en
dc.titleAnomaly detection using network traffic characterizationen_US
dc.typeMaster Thesisen_US
dc.institutionauthorYarımtepe, Oğuz-
dc.departmentThesis (Master)--İzmir Institute of Technology, Computer Engineeringen_US
item.fulltextWith Fulltext-
item.openairetypeMaster Thesis-
Appears in Collections:Master Degree / Yüksek Lisans Tezleri
Files in This Item:
File Description SizeFormat 
T000819.pdfMasterThesis992.83 kBAdobe PDFThumbnail
Show simple item record

CORE Recommender

Page view(s)

checked on Apr 15, 2024


checked on Apr 15, 2024

Google ScholarTM


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.