A novel approach for anomaly detection over high-speed networks

Abstract: This paper presents a new framework for efficiently detecting and identifying network anomalies over high-speed links at an early stage of their occurrence, so that appropriate countermeasures can be taken quickly. The proposed framework is based on change-point detection in the counter values of a reversible sketch, which aggregates multiple data streams from high-speed links in a stretched database. To detect network anomalies, we apply the cumulative sum (CUSUM) algorithm to the counter value of each bucket in the proposed reversible sketch, both to detect the occurrence of a change point and to uncover culprit flows via a new approach to sketch inversion. A theoretical framework for attack detection is presented. We also give the results of our experimental analysis over two real data traces containing anomalies, which were extensively analyzed in the OSCAR French research project. Our analysis results from real-time Internet traffic and an online implementation over an Endace DAG 3.6ET card show that the proposed architecture is able to detect culprit flows quickly with a high level of accuracy.
Document type: Conference papers

https://hal.archives-ouvertes.fr/hal-00504310
Contributor : Bibliothèque Télécom Bretagne
Submitted on : Tuesday, July 20, 2010 - 11:53:18 AM
Last modification on : Wednesday, October 30, 2019 - 2:58:02 PM

Identifiers

  • HAL Id : hal-00504310, version 1

Citation

Osman Salem, Sandrine Vaton, Annie Gravey. A novel approach for anomaly detection over high-speed networks. EC2ND : European Conference on Computer Network Defense, Oct 2007, Heraklion, Greece. ⟨hal-00504310⟩
