Flooding attacks detection in backbone traffic using power divergence

Authors:
Ali Makke;Osman Salem;Mohamad Assaad;Hassine Moungla;Ahmed Mehaoua
Affiliations:
University of Paris Descartes - LIPADE, 75006 Paris, France;University of Paris Descartes - LIPADE, 75006 Paris, France;SUPELEC, 91190 Gif-sur-Yvette, France;University of Paris Descartes - LIPADE, 75006 Paris, France;University of Paris Descartes - LIPADE, 75006 Paris, France
Venue:
Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks
Year:
2012

Citing 13
Cited 0

Elements of information theory

Elements of information theory
SYN-dog: Sniffing SYN Flooding Sources

ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Sketch-based change detection: methods, evaluation, and applications

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Sensitivity of PCA for traffic anomaly detection

Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Reversible sketches: enabling monitoring and analysis over high-speed data streams

IEEE/ACM Transactions on Networking (TON)
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
Traffic flooding attack detection with SNMP MIB using SVM

Computer Communications
Network anomaly detection based on wavelet analysis

EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Anomaly extraction in backbone networks using association rules

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Sketch-based SIP flooding detection using Hellinger distance

GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Network Anomaly Detection Using a Commute Distance Based Approach

ICDMW '10 Proceedings of the 2010 IEEE International Conference on Data Mining Workshops

Quantified Score

Hi-index	0.00

Visualization

Abstract

Flooding attacks detection in traffic of backbone networks requires generally the analysis of a huge amount of data with high accuracy and low complexity. In this paper, we propose a new scheme to detect flooding attacks in high speed networks. The proposed mechanism is based on the application of Power Divergence measures over Sketch data structure. Sketch is used for random aggregation of traffic, and Power Divergence is applied to detect deviations between current and established probability distributions of network traffic. We focus on tuning the parameter of Power Divergence to optimize the performance. We evaluate our approach using real Internet traffic traces, obtained from MAWI trans-Pacific wide transit link between USA and Japan. Our results show that the proposed approach outperforms existing solutions in terms of detection accuracy and false alarm ratio.