ATMSim: a Hadoop and self-similarity-based simulator for collecting, detecting, measuring and analysing anomalous traffic

Abstract

Recent developments in information and communication networks as well as the popularity of smartphones have been contributing to a geometrical increase in Internet traffic. In relation to this, this study aims to collect, detect, measure and analyse the DDoS attacks typical of increasing security incidents on the Internet and network attacks. To this end, a large volume of normal traffic, coming in through an internal LAN of a university, and anomalous traffic including DDoS attacks using an ATMSim analysis package operating on the basis of network flow information, was generated. The self-similarity estimation techniques were used to analyse the behavior of the collected and generated normal and anomalous traffic. This information was then used to prove graphically and quantitatively that the analysis reveals a great difference between the normal traffic and the anomalous traffic in terms of self-similarity.