an approach for detecting anomalies by assessing the inter arrival time of UDP packets and flows using benford's law

In this paper, from the perspective of Benford's Law the inter-arrival time of UDP in packet and flow levels, is investigated. Benford's Law is an empirical law that describes thedistribution of first digits in series of numbers in the natural phenomena. We claim that Benford's law describes the interarrivaltime of UDP packets and flows in normal traffic. As a result, any significant anomalies in UDP packets and flows including deliberate intrusions, unwanted errors or in general,network failures, can be identified by checking the first digit distribution inter-arrival time of UDP packets and flows. In thispaper, the relationship between Weibull distribution and Benford's Law is checked and then compliance of the interarrival time of UDP packets and flows from Weibull distributionis presented. Finally, a method for using Benford's Law, for detecting anomalies in inter-arrival time of UDP packets andflows is provided. In addition, UDP Flood attack with high detection rate of proposed method is detected.