Sketch based Anomaly Detection, Identification and Performance Evaluation

Patrice Abry 1 Pierre Borgnat 1 Guillaume Dewaele 1
1 Phys-ENS - Laboratoire de Physique de l'ENS Lyon
Abstract : An anomaly detection procedure is defined and its statistical performance are carefully quantified. It is based on a non Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negative vs. false positive in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time-series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. Also, we illustrate that combining sketches enables us to identify the target IP destination address and faulty packets hence opening the track to attack mitigation.
Keywords : Anomaly detection Anomaly database Performance Evaluation Sketch Non Gaussian statistics Kullback divergence
Type de document :
Communication dans un congrès
SAINT 2007 International Symposium on Applications and the Internet, Workshop on Internet Measurement Technology and its Applications to Building Next Generation Internet, Jan 2007, Hiroshima, Japan. IEEE-CS, 2007
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger
https://hal-ens-lyon.archives-ouvertes.fr/ensl-00175474
Contributeur : Pierre Borgnat <>
Soumis le : vendredi 28 septembre 2007 - 12:27:49
Dernière modification le : jeudi 19 avril 2018 - 14:54:03
Document(s) archivé(s) le : jeudi 8 avril 2010 - 22:17:15

Fichier

saint07_abry_SketchAnomalyDete...
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : ensl-00175474, version 1

Collections

ENS-LYON | UNIV-LYON1

Citation

Patrice Abry, Pierre Borgnat, Guillaume Dewaele. Sketch based Anomaly Detection, Identification and Performance Evaluation. SAINT 2007 International Symposium on Applications and the Internet, Workshop on Internet Measurement Technology and its Applications to Building Next Generation Internet, Jan 2007, Hiroshima, Japan. IEEE-CS, 2007. 〈ensl-00175474〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

130

Téléchargements de fichiers

90

Contact

support.ccsd.cnrs.fr
hal.support@ccsd.cnrs.fr
Logo CCSD