AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence

Emmanuelle Anceaume 1, 2 Yann Busnel 3 Sébastien Gambs 1, 2
1 CIDER
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
2 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique, CentraleSupélec
Abstract: In this paper, we consider the setting of large scale distributed systems, in which each node needs to quickly process a huge amount of data received in the form of a stream that may have been tampered with by an adversary. In this situation, a fundamental problem is how to detect and quantify the amount of work performed by the adversary. To address this issue, we propose AnKLe (for Attack-tolerant eNhanced Kullback-Leibler divergence Estimator), a novel algorithm for estimating the KL divergence of an observed stream compared to the expected one. AnKLe combines sampling techniques and information-theoretic methods. It is very efficient, both in terms of space and time complexities, and requires only a single pass over the data stream. Experimental results show that the estimation provided by AnKLe remains accurate even for different adversarial settings for which the quality of other methods dramatically decreases.

Cited literature [26 references]

https://hal.archives-ouvertes.fr/hal-00677077
Contributor : Yann Busnel
Submitted on : Wednesday, March 7, 2012 - 1:45:37 PM
Last modification on : Friday, November 16, 2018 - 1:39:06 AM
Long-term archiving on : Wednesday, December 14, 2016 - 10:55:50 AM

File

papier.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00677077, version 1

Citation

Emmanuelle Anceaume, Yann Busnel, Sébastien Gambs. AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence. Ninth European Dependable Computing Conference (EDCC 2012), May 2012, Sibiu, Romania. pp.12. ⟨hal-00677077⟩
