Title :
SAFEM: Scalable analysis of flows with entropic measures and SVM
Author :
François, Jérôme ; Wagner, Cynthia ; State, Radu ; Engel, Thomas
Author_Institution :
Interdiscipl. Centre for Security, Reliability & Trust, Univ. of Luxembourg, Luxembourg, Luxembourg
Abstract :
This paper describes a new approach for detecting large-scale anomalies and malicious events in NetFlow records. It lets Internet operators, for whom botnets and spam are major threats, detect large-scale distributed attacks. The prototype SAFEM (Scalable Analysis of Flows with Entropic Measures) aggregates NetFlow records spatially and temporally and applies entropic measures to the aggregated traffic. The aggregation scheme greatly reduces the data that must be stored, which makes the approach viable in an Internet Service Provider network.
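As an added illustration of the idea the abstract describes (this is not code from the SAFEM paper, and the paper's own aggregation scheme, feature set and SVM classifier are not reproduced), the following Python aggregates constructed NetFlow-like records into time windows, keeps only packet-weighted counters per source address, destination address and destination port, computes the Shannon entropy of each counter per window, and flags windows whose entropy shifts sharply. The window length, the three keys, the shift threshold and the sample records are all assumptions made for the example.

```python
"""Per-window entropy of aggregated NetFlow-style records.

Added illustration, not code from the SAFEM paper: it shows the generic
idea of aggregating flow records over time windows and watching the
Shannon entropy of a few header fields. The paper's own aggregation
scheme, feature set and SVM classifier are not reproduced here.
"""
from collections import Counter, defaultdict
import math

# Aggregation keys and window length are assumptions for this example.
KEYS = ("src_ip", "dst_ip", "dst_port")
WINDOW_S = 60

# Constructed sample records: (timestamp_s, src_ip, dst_ip, dst_port, packets).
# Window 0 (t < 60) is ordinary mixed traffic. Window 1 (60 <= t < 120) adds
# many distinct sources sending to one destination and port, the shape a
# botnet flood takes in NetFlow: source entropy jumps, destination entropy
# collapses.
SAMPLE_FLOWS = [
    (5, "10.0.0.1", "198.51.100.10", 443, 12),
    (12, "10.0.0.2", "198.51.100.20", 80, 8),
    (20, "10.0.0.3", "198.51.100.30", 53, 3),
    (33, "10.0.0.4", "198.51.100.10", 443, 9),
    (41, "10.0.0.5", "198.51.100.40", 22, 2),
    (55, "10.0.0.6", "198.51.100.20", 80, 7),
    (70, "10.0.0.7", "198.51.100.30", 53, 3),
    (85, "10.0.0.8", "198.51.100.40", 22, 2),
] + [(60 + i, f"203.0.113.{i}", "198.51.100.10", 80, 40) for i in range(30)]


def aggregate(flows, window_s=WINDOW_S):
    """Spatio-temporal aggregation: per time window, packet counts per value
    of each key. Only these counters are retained, not the raw records."""
    windows = defaultdict(lambda: {k: Counter() for k in KEYS})
    for ts, src, dst, dport, pkts in flows:
        fields = {"src_ip": src, "dst_ip": dst, "dst_port": dport}
        counters = windows[ts // window_s]
        for key in KEYS:
            counters[key][fields[key]] += pkts
    return dict(windows)


def entropy_bits(counter):
    """Shannon entropy (bits) of the distribution given by a Counter."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values() if c)


def entropy_profile(flows, window_s=WINDOW_S):
    """{window_index: {key: entropy_bits}} for every window seen."""
    return {
        w: {key: entropy_bits(counters[key]) for key in KEYS}
        for w, counters in sorted(aggregate(flows, window_s).items())
    }


def flag_windows(profile, threshold_bits=1.0):
    """Flag a window when the entropy of any key moves by at least
    threshold_bits relative to the previous window. Returns
    [(window_index, {key: shift_in_bits})]. The threshold is an assumption;
    a deployed detector would learn it from baseline traffic."""
    flagged = []
    ordered = sorted(profile)
    for prev, cur in zip(ordered, ordered[1:]):
        shifts = {key: profile[cur][key] - profile[prev][key] for key in KEYS}
        if any(abs(d) >= threshold_bits for d in shifts.values()):
            flagged.append((cur, shifts))
    return flagged


if __name__ == "__main__":
    prof = entropy_profile(SAMPLE_FLOWS)
    for w, ent in prof.items():
        print(f"window {w}: " + ", ".join(f"{k}={v:.2f}b" for k, v in ent.items()))
    for w, shifts in flag_windows(prof):
        print(f"window {w} flagged: " + ", ".join(f"{k}{d:+.2f}b" for k, d in shifts.items()))
```

On the constructed input the flood window shows source-address entropy rising by roughly 2.5 bits while destination-address and destination-port entropy fall by roughly 1.5 bits, which is the signature a scan or DDoS leaves on per-field entropy; only the per-window counters, not the individual records, need to be kept to compute it.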
Keywords :
Internet; computer network security; spatiotemporal phenomena; telecommunication traffic; unsolicited e-mail; Internet operators; Internet service provider network; SAFEM; SVM; botnets; data storage; entropic measures; large-scale anomaly detection; large-scale distributed attack detection; malicious events; scalable analysis of flow with entropic measures; spam; spatial-temporal Netflow record aggregation scheme; Computer architecture; Entropy; IP networks; Internet; Measurement; Monitoring; Security;
Conference_Titel :
Network Operations and Management Symposium (NOMS), 2012 IEEE
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4673-0267-8
Electronic_ISSN :
1542-1201
DOI :
10.1109/NOMS.2012.6211943