Title :
Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation
Author :
Abry, Patrice ; Borgnat, Pierre ; Dewaele, Guillaume
Author_Institution :
Phys. Dept., CNRS, Lyon
Abstract :
An anomaly detection procedure is defined and its statistical performance is carefully quantified. It is based on a non-Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negatives vs. false positives in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time series from our self-made anomaly database. The database is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. Also, we illustrate that combining sketches enables us to identify the target IP destination address and faulty packets, hence opening the way to attack mitigation.
Keywords :
IP networks; Internet; performance evaluation; security of data; statistical analysis; telecommunication security; telecommunication traffic; DDoS-type attack; IP destination address; anomaly detection; anomaly identification; faulty packet; non Gaussian model; real-world attack tool; statistical performance evaluation;
Conference_Title :
Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on
Conference_Location :
Hiroshima, Japan
Print_ISBN :
0-7695-2757-4
Electronic_ISBN :
0-7695-2757-4
DOI :
10.1109/SAINT-W.2007.55