Skip to Main content Skip to Navigation
Conference papers

AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence

Emmanuelle Anceaume 1, 2 Yann Busnel 3 Sébastien Gambs 1, 2
2 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
CentraleSupélec, Inria Rennes – Bretagne Atlantique , IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
Abstract : In this paper, we consider the setting of large scale distributed systems, in which each node needs to quickly process a huge amount of data received in the form of a stream that may have been tampered with by an adversary. In this situation, a fundamental problem is how to detect and quantify the amount of work performed by the adversary. To address this issue, we propose AnKLe (for Attack-tolerant eNhanced Kullback- Leibler divergence Estimator), a novel algorithm for estimating the KL divergence of an observed stream compared to the expected one. AnKLe com- bines sampling techniques and information-theoretic methods. It is very efficient, both in terms of space and time complexities, and requires only a single pass over the data stream. Experimental results show that the estimation provided by AnKLe remains accurate even for different adversarial settings for which the quality of other methods dramatically decreases.
Complete list of metadata

Cited literature [26 references]  Display  Hide  Download
Contributor : Yann Busnel <>
Submitted on : Wednesday, March 7, 2012 - 1:45:37 PM
Last modification on : Thursday, January 7, 2021 - 4:20:09 PM
Long-term archiving on: : Wednesday, December 14, 2016 - 10:55:50 AM


Files produced by the author(s)


  • HAL Id : hal-00677077, version 1


Emmanuelle Anceaume, Yann Busnel, Sébastien Gambs. AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence. Ninth European Dependable Computing Conference (EDCC 2012), May 2012, Sibiu, Romania. pp.12. ⟨hal-00677077⟩



Record views


Files downloads