Skip to Main content Skip to Navigation
Conference papers

An efficient online anomalies detection mechanism for high-speed networks

Abstract : In this paper, we propose an efficient framework for online detection and identification of network anomalies, in early stage of its occurrence, to quickly react by taking the appropriate countermeasures. The proposed framework is based on online detection of change point in a multi-layer reversible sketch, which aggregates multiple data streams from high speeds links in a stretched database. To detect network anomalies, we apply non-parametric multi-channel CUSUM algorithm at the counter value in each bucket of the proposed reversible sketch, in order to undermine flows with abrupt change, and to discover the keys of culprit flows via sketch inversion. Theoretical framework for detection and classification of attacks are presented. We also give the results of our experiments analysis at two data traces collected with Netflow and Endace DAG-3 card. Our analysis results from real-time internet traffic and online implementation show that our proposed architecture is able to detect culprit flows quickly with a high level of accuracy.
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-00504314
Contributor : Bibliothèque Télécom Bretagne <>
Submitted on : Tuesday, July 20, 2010 - 11:55:01 AM
Last modification on : Thursday, March 5, 2020 - 3:51:50 PM

Identifiers

  • HAL Id : hal-00504314, version 1

Citation

Osman Salem, Sandrine Vaton, Annie Gravey. An efficient online anomalies detection mechanism for high-speed networks. MonAM 2007 : Second IEEE Workshop on Monitoring, Attack Detection and Mitigation, Nov 2007, Toulouse, France. pp.1-6. ⟨hal-00504314⟩

Share

Metrics

Record views

26