Please use this identifier to cite or link to this item: https://hdl.handle.net/11147/3459
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.advisor | Tuğlular, Tuğkan | en |
| dc.contributor.author | Yarımtepe, Oğuz | - |
| dc.date.accessioned | 2014-07-22T13:51:34Z | |
| dc.date.available | 2014-07-22T13:51:34Z | |
| dc.date.issued | 2009 | en |
| dc.identifier.uri | http://hdl.handle.net/11147/3459 | |
| dc.description | Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2009 | en |
| dc.description | Includes bibliographical references (leaves: 63-66) | en |
| dc.description | Text in English; Abstract: Turkish and English | en |
| dc.description | ix, 80 leaves | en |
| dc.description.abstract | Detecting suspicious traffic and anomaly sources is a general tendency in approaching traffic analysis. Because of the necessity of detecting anomalies, different approaches have been developed along with their software candidates. Either event-based or signature-based anomaly detection mechanisms can be applied to analyze network traffic. Signature-based approaches require the detected signatures of past anomalies, whereas event-based approaches propose a more flexible approach in which defining application-level abnormal anomalies is possible. Both approaches focus on implementing and defining abnormal traffic. The problem with anomalies is that there is no common definition of anomaly for all protocols or malicious attacks. This thesis aims to define the non-malicious traffic and extract it, so that the rest is marked as suspicious traffic for further traffic. To achieve this, a method and its software application to identify IP sessions, based on statistical metrics of the packet flows, are presented. An adaptive network flow knowledge base is derived. The knowledge base is constructed using calculated flow attributes. A method to define known traffic using the derived flow attributes is shown. Using the attributes, an analyzed flow is categorized as a known application-level protocol. A mathematical model to analyze the undefined traffic and display network traffic anomalies is also explained. The mathematical model is based on principal component analysis, which is applied to the origin-destination pair flows. Using metric-based traffic characterization and principal component analysis, it is observed that network traffic can be analyzed and some anomalies can be detected. | en |
| dc.language.iso | en | en_US |
| dc.publisher | Izmir Institute of Technology | en |
| dc.publisher | Izmir Institute of Technology | en_US |
| dc.rights | info:eu-repo/semantics/openAccess | en_US |
| dc.subject.lcc | QA76.9.A25 .Y28 2009 | en |
| dc.subject.lcsh | Computer security | en |
| dc.subject.lcsh | Anomaly detection (Computer security) | en |
| dc.title | Anomaly detection using network traffic characterization | en_US |
| dc.type | Master Thesis | en_US |
| dc.authorid | TR144185 | |
| dc.institutionauthor | Yarımtepe, Oğuz | - |
| dc.department | Thesis (Master)--İzmir Institute of Technology, Computer Engineering | en_US |
| dc.relation.publicationcategory | Tez | en_US |
| item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
| item.cerifentitytype | Publications | - |
| item.fulltext | With Fulltext | - |
| item.languageiso639-1 | en | - |
| item.grantfulltext | open | - |
| item.openairetype | Master Thesis | - |
Appears in Collections: Master Degree / Yüksek Lisans Tezleri
Files in This Item:
| File | Description | Size | Format |
| --- | --- | --- | --- |
| T000819.pdf | MasterThesis | 992.83 kB | Adobe PDF |
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.