Title :
A comparison between divergence measures for network anomaly detection
Author :
Tajer, Jean ; Makke, Ali ; Salem, Osman ; Mehaoua, Ahmed
Author_Institution :
Lab. d´´Inf. PAris DEscartes (LIPADE), France
Abstract :
This paper deals with the detection of flooding attacks which are the most common type of Denial of Service (DoS) attacks. We compare 2 divergence measures (Hellinger distance and Chi-square divergence) to analyze their detection accuracy. The performance of these statistical divergence measures are investigated in terms of true positive and false alarm ratio. A particular focus will be on how to use these measures over Sketch data structure, and which measure provides the best detection accuracy. We conduct performance analysis over publicly available real IP traces (MAWI) collected from the WIDE backbone network. Our experimental results show that Chi-square divergence outperforms Hellinger distance in network anomalies detection.
Keywords :
data structures; security of data; statistical analysis; Chi-square divergence; Hellinger distance; IP traces; MAWI; WIDE backbone network; denial of service attacks; false alarm ratio; flooding attack detection; network anomalies detection; network anomaly detection; performance analysis; sketch data structure; statistical divergence measures; Accuracy; Data structures; High definition video; IP networks; Probability distribution; Radiation detectors; Time series analysis; Chi-Square Divergence; DDoS; Hellinger Distance; K-ary Sketch; TCP SYN Flooding;
Conference_Titel :
Network and Service Management (CNSM), 2011 7th International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4577-1588-4
Electronic_ISBN :
978-3-901882-44-9
