DocumentCode :
3425020
Title :
Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation
Author :
Abry, Patrice ; Borgnat, Pierre ; Dewaele, Guillaume
Author_Institution :
Phys. Dept., CNRS, Lyon
fYear :
2007
fDate :
Jan. 2007
Firstpage :
80
Lastpage :
80
Abstract :
An anomaly detection procedure is defined and its statistical performance are carefully quantified. It is based on a non Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negative vs. false positive in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time-series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. Also, we illustrate that combining sketches enables us to identify the target IP destination address and faulty packets hence opening the track to attack mitigation.
Keywords :
IP networks; Internet; performance evaluation; security of data; statistical analysis; telecommunication security; telecommunication traffic; DDoS-type attack; IP destination address; anomaly detection; anomaly identification; faulty packet; non Gaussian model; real-world attack tool; statistical performance evaluation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on
Conference_Location :
Hiroshima, Japan
Print_ISBN :
0-7695-2757-4
Electronic_ISBN :
0-7695-2757-4
Type :
conf
DOI :
10.1109/SAINT-W.2007.55
Filename :
4090151
Link To Document :
بازگشت