• DocumentCode
    579129
  • Title

    Anomaly detection in network traffic using Jensen-Shannon divergence

  • Author

    Salem, Osman ; Naït-Abdesselam, Farid ; Mehaoua, Ahmed

  • Author_Institution
    LIPADE Lab., Univ. Paris Descartes, Paris, France
  • fYear
    2012
  • fDate
    10-15 June 2012
  • Firstpage
    5200
  • Lastpage
    5204
  • Abstract
    Anomaly detection in high speed networks is well known to be a challenging problem. It generally requires the analysis of a huge amount of data with high accuracy and low complexity. In this paper, we propose an anomaly detection mechanism against flooding attacks in high speed networks. The proposed mechanism is based on the Jensen-Shannon divergence metric over a sketch data structure. The sketch reduces the memory required while monitoring the traffic by maintaining it in hash tables of a predefined fixed size. The sketch is also used to develop a probabilistic model. The Jensen-Shannon divergence is used for detecting deviations between previously established and current distributions of network traffic. We have implemented our approach and evaluated it using real Internet traffic traces obtained from the MAWI trans-Pacific wide transit link between the USA and Japan. Our results show that the proposed approach is scalable and efficient in detecting anomalies without maintaining per-flow state information.
  • Keywords
    Internet; cryptography; data structures; telecommunication traffic; Japan; Jensen-Shannon divergence metric; MAWI trans-Pacific wide transit link; USA; anomaly detection; flooding attacks; hash tables; high speed networks; network traffic; per-flow state information; probabilistic model; real Internet traffic traces; sketch data structure; traffic monitoring; Arrays; IP networks; Internet; Monitoring; Radiation detectors; Time series analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications (ICC), 2012 IEEE International Conference on
  • Conference_Location
    Ottawa, ON
  • ISSN
    1550-3607
  • Print_ISBN
    978-1-4577-2052-9
  • Electronic_ISBN
    1550-3607
  • Type

    conf

  • DOI
    10.1109/ICC.2012.6364602
  • Filename
    6364602