 |
 |
 |
 |
Conference papers
Sketch based Anomaly Detection, Identification and Performance Evaluation
Abstract : An anomaly detection procedure is defined and its statistical performance are carefully quantified. It is based on a non Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negative vs. false positive in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time-series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. Also, we illustrate that combining sketches enables us to identify the target IP destination address and faulty packets hence opening the track to attack mitigation.
Cited literature [11 references]
https://hal-ens-lyon.archives-ouvertes.fr/ensl-00175474
Contributor : Pierre Borgnat Connect in order to contact the contributor
Submitted on : Friday, September 28, 2007 - 12:27:49 PM
Last modification on : Sunday, November 22, 2020 - 7:48:07 PM
Long-term archiving on: : Thursday, April 8, 2010 - 10:17:15 PM
Contributor : Pierre Borgnat Connect in order to contact the contributor
Submitted on : Friday, September 28, 2007 - 12:27:49 PM
Last modification on : Sunday, November 22, 2020 - 7:48:07 PM
Long-term archiving on: : Thursday, April 8, 2010 - 10:17:15 PM
File
saint07_abry_SketchAnomalyDete...
Files produced by the author(s)