Next Article in Journal
Cryptographically Secure Multiparty Computation and Distributed Auctions Using Homomorphic Encryption
Next Article in Special Issue
Multi-Factor Authentication: A Survey
Previous Article in Journal
FPGA Implementation of a Cryptographically-Secure PUF Based on Learning Parity with Noise
Previous Article in Special Issue
Learning Global-Local Distance Metrics for Signature-Based Biometric Cryptosystems
Article Menu

Export Article

Open AccessArticle
Cryptography 2017, 1(3), 24;

Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim

Department of Computer Software, Korean Bible University, Seoul 139-791, Korea
Department of Advanced Application Environment Development, National Institute of Supercomputing and Networking, Korea Institute of Science and Technology Information, Daejeon 34141, Korea
This paper is an extended version of our paper published in 2016 10th IEEE International Conference, Innovative Mobile and Internet Services in Ubiquitous Computing.
Current address: 32 Dongil-ro(st) 214-gil, Nowon-gu, Seoul, Korea.
These authors contributed equally to this work.
Author to whom correspondence should be addressed.
Received: 29 October 2017 / Revised: 3 December 2017 / Accepted: 6 December 2017 / Published: 12 December 2017
(This article belongs to the Special Issue Biometric and Bio-inspired Approaches in Cryptography)
Full-Text   |   PDF [2788 KB, uploaded 12 December 2017]   |  


Internet utilisation has steadily increased, predominantly due to the rapid recent development of information and communication networks and the widespread distribution of smartphones. As a result of this increase in Internet consumption, various types of services, including web services, social networking services (SNS), Internet banking, and remote processing systems have been created. These services have significantly enhanced global quality of life. However, as a negative side-effect of this rapid development, serious information security problems have also surfaced, which has led to serious to Internet privacy invasions and network attacks. In an attempt to contribute to the process of addressing these problems, this paper proposes a process to detect anomalous traffic using self-similarity analysis in the Anomaly Teletraffic detection Measurement analysis Simulator (ATMSim) environment as a research method. Simulations were performed to measure normal and anomalous traffic. First, normal traffic for each attack, including the Address Resolution Protocol (ARP) and distributed denial-of-service (DDoS) was measured for 48 h over 10 iterations. Hadoop was used to facilitate processing of the large amount of collected data, after which MapReduce was utilised after storing the data in the Hadoop Distributed File System (HDFS). A new platform on Hadoop, the detection system ATMSim, was used to identify anomalous traffic after which a comparative analysis of the normal and anomalous traffic was performed through a self-similarity analysis. There were four categories of collected traffic that were divided according to the attack methods used: normal local area network (LAN) traffic, DDoS attack, and ARP spoofing, as well as DDoS and ARP attack. ATMSim, the anomaly traffic detection system, was used to determine if real attacks could be identified effectively. To achieve this, the ATMSim was used in simulations for each scenario to test its ability to distinguish between normal and anomalous traffic. The graphic and quantitative analyses in this study, based on the self-similarity estimation for the four different traffic types, showed a burstiness phenomenon when anomalous traffic occurred and self-similarity values were high. This differed significantly from the results obtained when normal traffic, such as LAN traffic, occurred. In further studies, this anomaly detection approach can be utilised with biologically inspired techniques that can predict behaviour, such as the artificial neural network (ANN) or fuzzy approach. View Full-Text
Keywords: anomalous traffic detection; stochastic self-similar process; hurst parameter; self-similar estimation method; ATMSim; communication network; cryptography anomalous traffic detection; stochastic self-similar process; hurst parameter; self-similar estimation method; ATMSim; communication network; cryptography

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Supplementary material


Share & Cite This Article

MDPI and ACS Style

Jeong, H.-D.J.; Ahn, W.; Kim, H.; Lee, J.-S.R. Anomalous Traffic Detection and Self-Similarity Analysis in the Environment of ATMSim. Cryptography 2017, 1, 24.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Metrics

Article Access Statistics



[Return to top]
Cryptography EISSN 2410-387X Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top