Abstract
The development of new technologies such as the Internet of Things and cloud computing tests the transmission capabilities of communication networks. With the widespread application of multiple wireless access technologies, it has become popular for modern communication devices to be equipped with multiple network access interfaces. The growing number of network attacks significantly reduces the robustness of multipath TCP (MPTCP) transport systems. To address this problem, this paper proposes a network traffic anomaly detection model based on MPTCP networks, called MPTCP-EMD. The model combines multi-scale detection and digital signal processing theory to implement anomaly detection based on the self-similarity of MPTCP network traffic. It uses the empirical mode decomposition (EMD) method to decompose MPTCP traffic data and reconstructs the valid signal by removing the high-frequency noise and the residual trend term. Using the idea of sliding windows, the model then compares the changes in the Hurst exponent of the MPTCP network under different attack conditions to determine whether anomalies have occurred. The simulation results show that the EMD method can be used for anomaly detection of MPTCP network traffic. The Hurst exponent of the attacked MPTCP network significantly exceeds the range of the unattacked network and exhibits significant jitter.
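An added example (not the authors' code) of the sliding-window stage described in the abstract: it estimates the Hurst exponent per window with a variance-time estimator, which is an assumed choice, and flags windows that leave the range seen on a reference trace. The EMD denoising step is omitted, both traces are constructed (Gaussian noise, with pulsed extra load standing in for attacked traffic), and the function names and margin are hypothetical.

```python
import math
import random

def hurst_variance_time(x, scales=(1, 2, 4, 8, 16)):
    """Variance-time estimate: Var(block mean at scale m) ~ m^(2H-2)."""
    pts = []
    for m in scales:
        means = [sum(x[i:i + m]) / m for i in range(0, len(x) - m + 1, m)]
        mu = sum(means) / len(means)
        var = sum((v - mu) ** 2 for v in means) / (len(means) - 1)
        if var > 0:  # a perfectly flat scale carries no scaling information
            pts.append((math.log(m), math.log(var)))
    if len(pts) < 2:
        return float("nan")  # cannot estimate; detect() treats this as out of range
    mx = sum(a for a, _ in pts) / len(pts)
    my = sum(b for _, b in pts) / len(pts)
    slope = (sum((a - mx) * (b - my) for a, b in pts)
             / sum((a - mx) ** 2 for a, _ in pts))
    return 1 + slope / 2

def windowed_hurst(series, width=512, step=256):
    """(window start, H) for each sliding window over the series."""
    return [(s, hurst_variance_time(series[s:s + width]))
            for s in range(0, len(series) - width + 1, step)]

def detect(reference, observed, margin=0.15):
    """Window starts whose H leaves the reference range widened by margin."""
    ref = [h for _, h in windowed_hurst(reference)]
    lo, hi = min(ref) - margin, max(ref) + margin
    return [s for s, h in windowed_hurst(observed) if not lo <= h <= hi]

def constructed_trace(n_clean, n_attack, seed):
    """Constructed packets-per-interval series, not captured MPTCP traffic."""
    rng = random.Random(seed)
    clean = [rng.gauss(100, 10) for _ in range(n_clean)]
    # Attacked part: same noise plus extra load in 32-interval on/off pulses.
    pulsed = [rng.gauss(100, 10) + (80 if (i // 32) % 2 == 0 else 0)
              for i in range(n_attack)]
    return clean + pulsed

REFERENCE = constructed_trace(2048, 0, seed=1)    # unattacked baseline
OBSERVED = constructed_trace(1024, 1024, seed=2)  # attack begins at index 1024

if __name__ == "__main__":
    for start, h in windowed_hurst(OBSERVED):
        print(start, round(h, 3))
    print("flagged windows:", detect(REFERENCE, OBSERVED))
```

On the constructed data the first flagged window is the one that starts at index 768, the first to overlap the pulsed segment.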
Acknowledgments
This work was supported by the National Natural Science Foundation of China (NSFC) under Grant No. 61962026, by the Natural Science Foundation of Jiangxi Province under Grant Nos. 20192ACBL21031, and by the Postgraduate Innovation Fund of Jiangxi Provincial Department of Education under Grant YC2021-S258.
Cite this article
Cao, Y., Ji, R., Huang, X. et al. Empirical Mode Decomposition-empowered Network Traffic Anomaly Detection for Secure Multipath TCP Communications. Mobile Netw Appl 27, 2254–2263 (2022). https://doi.org/10.1007/s11036-022-02005-6
DOI: https://doi.org/10.1007/s11036-022-02005-6