Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures

Abstract: A new profile-based anomaly detection and characterization procedure is proposed. It aims at performing prompt and accurate detection of both short-lived and long-lasting low-intensity anomalies, without recourse to any prior knowledge of the targeted traffic. Key features of the algorithm lie in the joint use of random projection techniques (sketches) and of a multiresolution non-Gaussian marginal distribution modeling. The former enables both a reduction in the dimensionality of the data and the measurement of the reference (i.e., normal) traffic behavior, while the latter extracts anomalies at different aggregation levels. This procedure is used to blindly analyze a large-scale packet trace database collected on a trans-Pacific transit link from 2001 to 2006. It can detect and identify a large number of known and unknown anomalies and attacks, whose intensities are low (down to below one percent). Using sketches also makes possible a real-time identification of the source or destination IP addresses associated with the detected anomaly and hence their mitigation.
Document type:
Conference paper
ACM SIGCOMM 2007 Workshop on Large-Scale Attack Defense (LSAD), Aug 2007, Kyoto, Japan. ACM, 2007

Cited literature [23 references]

https://hal-ens-lyon.archives-ouvertes.fr/ensl-00177654
Contributor: Pierre Borgnat
Submitted on: Monday 8 October 2007 - 17:43:53
Last modified on: Thursday 8 February 2018 - 11:07:38
Document(s) archived on: Monday 24 September 2012 - 13:15:35

File

lsad07vfinal.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: ensl-00177654, version 1

Citation

Guillaume Dewaele, Kensuke Fukuda, Pierre Borgnat, Patrice Abry, Kenjiro Cho. Extracting Hidden Anomalies using Sketch and Non Gaussian Multiresolution Statistical Detection Procedures. ACM SIGCOMM 2007 Workshop on Large-Scale Attack Defense (LSAD), Aug 2007, Kyoto, Japan. ACM, 2007. 〈ensl-00177654〉

Metrics

Record views

131

File downloads

438