Network traffic anomaly detection for IAAS clouds

Sai Kiran Mukkavilli, Tennessee State University


This dissertation presents anomaly based approaches in network intrusion detection that suffer from evaluation, comparison and deployment which originate from the scarcity of adequate publicly available network trace datasets. Anomaly-based network Intrusion Detection Systems (IDS) model patterns of normal activity and detect novel network attacks. However, these systems depend on the availability of the systems normal traffic pattern profile. But the statistical fingerprint of the normal traffic pattern can change and shift over a period of time due to changes in operational or user activity at the networked site or even system updates. The changes in normal traffic patterns over time lead to concept drift. Some changes can be temporal, cyclical and can be short-lived or they can last for longer periods of time. Depending on a number of factors the speed at which the change in traffic patterns occurs can also be variable, ranging from near instantaneous to the change occurring over the span of numerous months. These changes in traffic patterns are a cause of concern for IDSs as they can lead to a significant increase in false positive rates, thereby reducing the overall system performance. Publicly available datasets are either outdated or generated in a controlled environment. Due to the ubiquity of cloud computing environments in commercial and government internet services, there is a need to assess the impacts of network attacks in cloud data centers. To the best of our knowledge, there is no publicly available dataset which captures the normal and anomalous network traces in the interactions between cloud users and cloud data centers. We present an experimental platform designed to represent a practical interaction between cloud users and cloud services and collect network traffic traces resulting from this interaction to conduct anomaly detection. We also show how many attacks are performed anonymously and are difficult to trace using general intrusion detection mechanisms. We use Amazon web services (AWS) platform for conducting our experiments.

Subject Area

Computer Engineering

Recommended Citation

Sai Kiran Mukkavilli, "Network traffic anomaly detection for IAAS clouds" (2016). ETD Collection for Tennessee State University. Paper AAI10158545.