Sketch based Anomaly Detection, Identification and Performance Evaluation - Archive ouverte HAL
Conference Papers Year : 2007

Patrice Abry
Pierre Borgnat
  • Function : Author
  • PersonId : 838021
Guillaume Dewaele
  • Function : Author
  • PersonId : 842999

Abstract

An anomaly detection procedure is defined and its statistical performance is carefully quantified. It is based on non-Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negatives vs. false positives in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time-series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. We also illustrate that combining sketches enables us to identify the target IP destination address and the faulty packets, hence opening the way to attack mitigation.
Main file
saint07_abry_SketchAnomalyDetect.pdf (206.12 KB)
Origin : Files produced by the author(s)

Dates and versions

ensl-00175474 , version 1 (28-09-2007)

Identifiers

  • HAL Id : ensl-00175474 , version 1

Cite

Patrice Abry, Pierre Borgnat, Guillaume Dewaele. Sketch based Anomaly Detection, Identification and Performance Evaluation. SAINT 2007 International Symposium on Applications and the Internet, Workshop on Internet Measurement Technology and its Applications to Building Next Generation Internet, IEEE-CS and IPSJ, Jan 2007, Hiroshima, Japan. ⟨ensl-00175474⟩