Title :
AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence
Author :
Anceaume, Emmanuelle ; Busnel, Yann ; Gambs, Sébastien
Author_Institution :
IRISA, Rennes, France
Abstract :
In this paper, we consider the setting of large scale distributed systems, in which each node needs to quickly process a huge amount of data received in the form of a stream that may have been tampered with by an adversary. In this situation, a fundamental problem is how to detect and quantify the amount of work performed by the adversary. To address this issue, we propose AnKLe (for Attack-tolerant enhanced Kullback-Leibler divergence Estimator), a novel algorithm for estimating the KL divergence of an observed stream compared to the expected one. AnKLe combines sampling techniques and information-theoretic methods. It is very efficient, both in terms of space and time complexities, and requires only a single pass over the data stream. Experimental results show that the estimation provided by AnKLe remains accurate even for different adversarial settings for which the quality of other methods dramatically decreases.
Keywords :
computational complexity; distributed processing; information theory; security of data; AnKLe; attack detection; attack-tolerant enhanced Kullback-Leibler divergence estimator; data stream; information divergence; information-theoretic methods; large scale distributed systems; sampling techniques; space complexity; time complexity; Algorithm design and analysis; Approximation algorithms; Data models; Entropy; Estimation; Peer to peer computing; Radiation detectors; Byzantine Adversary; Data Stream; Kullback-Leibler Divergence; Performance Analysis; Sampling; Scalability;
Conference_Titel :
Dependable Computing Conference (EDCC), 2012 Ninth European
Conference_Location :
Sibiu
Print_ISBN :
978-1-4673-0938-7
DOI :
10.1109/EDCC.2012.9
