Title :
Anomaly detection in network traffic using Jensen-Shannon divergence
Author :
Salem, Osman ; Naït-Abdesselam, Farid ; Mehaoua, Ahmed
Author_Institution :
LIPADE Lab., Univ. Paris Descartes, Paris, France
Abstract :
Anomaly detection in high speed networks is well known to be a challenging problem. It generally requires the analysis of a huge amount of data with high accuracy and low complexity. In this paper, we propose an anomaly detection mechanism against flooding attacks in high speed networks. The proposed mechanism is based on the Jensen-Shannon divergence metric over a sketch data structure. This sketch is used to reduce the required memory, while monitoring the traffic, by maintaining them in a predefined fixed size of hash tables. This sketch is also used to develop a probabilistic model. The Jensen-Shannon divergence is used for detecting deviations between previously established and current distributions of network traffic. We have implemented our approach and evaluated it using real Internet traffic traces, obtained from the MAWI trans-Pacific wide transit link between the USA and Japan. Our results show that the proposed approach is scalable and efficient in detecting anomalies without maintaining per-flow state information.
Keywords :
Internet; cryptography; data structures; telecommunication traffic; Japan; Jensen-Shannon divergence metric; MAWI trans-Pacific wide transit link; USA; anomaly detection; flooding attacks; hash tables; high speed networks; network traffic; per-flow state information; probabilistic model; real Internet traffic traces; sketch data structure; traffic monitoring; Arrays; IP networks; Internet; Monitoring; Radiation detectors; Time series analysis;
Conference_Title :
Communications (ICC), 2012 IEEE International Conference on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4577-2052-9
Electronic_ISBN :
1550-3607
DOI :
10.1109/ICC.2012.6364602