  • DocumentCode
    699810
  • Title
    Detection of network anomalies using rank tests
  • Author
    Levy-Leduc, Celine
  • Author_Institution
    LTCI, Telecom ParisTech, Paris, France
  • fYear
    2008
  • fDate
    25-29 Aug. 2008
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    We propose a novel and efficient method for on-line detection of network anomalies that lead to changes in Internet traffic, such as (distributed) denial-of-service ((D)DoS) attacks. Our method consists of a data reduction stage based on record filtering, followed by a nonparametric change-point detection test based on U-statistics. With such a method, we can address massive data streams and provide on-line anomaly detection as well as the source and destination IP addresses involved. We apply this algorithm to some Internet traffic generated by France-Télécom Internet Service Provider (ISP) in the framework of the ANR-RNRT OSCAR project. This approach, called TopRank in the following, is very attractive since it enjoys a low computational cost and is able to detect several types of anomalies, such as TCP/SYN flooding, UDP flooding, PortScan and NetScan, with a low false alarm rate.
  • Keywords
    IP networks; Internet; computer network security; data reduction; statistical analysis; telecommunication traffic; ANR-RNRT OSCAR project; France-Telecom ISP; France-Telecom Internet Service Provider; IP addresses; Internet traffic; U-statistics; data reduction stage; intrusion detection method; massive data streams; network anomaly online detection; nonparametric change-point detection; rank tests; Computer crime; Databases; IP networks; Internet; Intrusion detection; Protocols; Time series analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Processing Conference, 2008 16th European
  • Conference_Location
    Lausanne
  • ISSN
    2219-5491
  • Type
    conf
  • Filename
    7080342