Network Traffic Anomalies Detection and Identification with Flow Monitoring
Huy Nguyen, Tam Van Nguyen, Dong Il Kim, and Deokjai Choi

TL;DR
This paper introduces a simple, robust flow monitoring-based method for detecting and identifying network traffic anomalies, demonstrating effectiveness through experimental validation.
Contribution
It presents a lightweight anomaly detection approach using four flow metrics, which is novel in its simplicity and effectiveness for network security.
Findings
Effective detection of anomalies using four flow metrics
Ability to identify specific traffic anomalies
Validated through experimental results
Abstract
Network management and security is currently one of the most vibrant research areas, within which research on detecting and identifying anomalies has attracted a lot of interest. Researchers are still struggling to find an effective and lightweight method for anomaly detection. In this paper, we propose a simple, robust method that detects anomalous network traffic data based on flow monitoring. Our method works by monitoring four predefined metrics that capture the flow statistics of the network. To prove the power of the new method, we built an application that detects network anomalies using our method. The results of the experiments prove that, by using the four simple metrics from the flow data, we can not only effectively detect but also identify network traffic anomalies.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Internet Traffic Analysis and Secure E-voting
