Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures - Archive ouverte HAL Access content directly
Conference Papers Year : 2007

Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures

(1) , (2) , (1) , (1) , (3)
1
2
3
Guillaume Dewaele
  • Function : Author
  • PersonId : 842999
Kensuke Fukuda
  • Function : Author
  • PersonId : 843234
Pierre Borgnat
  • Function : Author
  • PersonId : 838021
Patrice Abry
Kenjiro Cho
  • Function : Author
  • PersonId : 843235

Abstract

A new profile-based anomaly detection and characterization procedure is proposed. It aims at performing prompt and accurate detection of both short-lived and long-lasting low-intensity anomalies, without the recourse of any prior knowledge of the targetted traffic. Key features of the algorithm lie in the joint use of random projection techniques (sketches) and of a multiresolution non Gaussian marginal distribution modeling. The former enables both a reduction in the dimensionality of the data and the measurement of the reference (i.e., normal) traffic behavior, while the latter extracts anomalies at different aggregation levels. This procedure is used to blindly analyze a large-scale packet trace database collected on a trans-Pacific transit link from 2001 to 2006. It can detect and identify a large number of known and unknown anomalies and attacks, whose intensities are low (down to below one percent). Using sketches also makes possible a real-time identification of the source or destination IP addresses associated to the detected anomaly and hence their mitigation.
Fichier principal
Vignette du fichier
lsad07vfinal.pdf (537.49 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

ensl-00177654 , version 1 (08-10-2007)

Identifiers

  • HAL Id : ensl-00177654 , version 1

Cite

Guillaume Dewaele, Kensuke Fukuda, Pierre Borgnat, Patrice Abry, Kenjiro Cho. Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures. ACM SIGCOMM 2007 Workshop on Large-Scale Attack Defense (LSAD), Aug 2007, Kyoto, Japan. ⟨ensl-00177654⟩
220 View
700 Download

Share

Gmail Facebook Twitter LinkedIn More