Research Article
Yen-Hung Hu
Abstract
Network traffic traces provide valuable information for researchers studying the behavior of normal and malicious network activities. Although traffic traces are sufficient to reveal packet-level and connection-level details of most network activities, identifying specific malicious network activities remains a major challenge: many malicious network activities are able to hide behind normal activities by using forged packet and connection information. In practice, mechanisms that can effectively extract malicious network activities from raw traffic traces are emerging and will benefit the network security community and other related communities. In this paper, a fluid-based approach for modeling simulated normal and malicious flooding-based denial-of-service network activities is developed. To this end, several raw traffic traces gathered by the Cooperative Association for Internet Data Analysis (CAIDA) are analyzed and investigated.