An Approach for Detecting Anomalies by Assessing the Inter-Arrival Time of UDP Packets and Flows Using Benford's Law

In this paper, from the perspective of Benford's law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford's law is an empirical law that describes the distribution of first digits in series of numbers in natural phenomena. We claim that Benford's law describes the inter-arrival time of UDP packets and flows in normal traffic of networks. As a result, any significant anomaly in UDP packets and flows including deliberate intrusions, unwanted errors or in general, network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In a recent work, the relationship between Weibull distribution and Benford's law was studied. In another work, the compliance of the inter-arrival time of UDP packets and flows from Weibull distribution is presented. In this paper, we have proposed a method for using Benford's law for detecting anomalies in inter-arrival time of UDP packets and flows. The proposed method can detect the UDP Flood attack with high detection rate.