Title :
Crosstalk: A Scalable Cross-Protocol Monitoring System for Anomaly Detection
Author :
Di Pietro, Andrea ; Huici, Felipe ; Costantini, Diego ; Sugita, Takahide ; Niccolini, Saverio
Author_Institution :
NEC Eur., Heidelberg, Germany
Abstract :
Monitoring is crucial both to the correct operation of a network and to the services that run on it. Operators perform monitoring for various purposes, including traffic engineering, quality of service, security and detection of faults and mis-configurations. However, the relentless growth of IP traffic volume renders real-time monitoring and analysis of data a very challenging problem. In this paper we introduce Crosstalk, a scalable and efficient distributed monitoring architecture that uses cross-protocol correlation to detect network anomalies. While applicable to a wide range of applications such as botnet detection, spam mitigation and mis-configurations, we pick a point in this application space, concentrating on VoIP attacks. We present extensive simulation results based both on generated calls and on millions of Call Data Records (CDRs) from a large VoIP operator to show our approach's performance and effectiveness.
Keywords :
Internet telephony; computerised monitoring; protocols; telecommunication security; telecommunication traffic; unsolicited e-mail; VoIP attacks; anomaly detection; botnet detection; call data records; fault detection; fault security; quality of service; real-time monitoring; scalable cross-protocol monitoring system; spam mitigation; traffic engineering; Communications Society; Crosstalk; Europe; Monitoring; National electric code; Peer to peer computing; Probes; Scalability; Telecommunication traffic; Tree data structures;
Conference_Title :
Communications (ICC), 2010 IEEE International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-1-4244-6402-9
DOI :
10.1109/ICC.2010.5502794