Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation

  • Authors: Patrice Abry; Pierre Borgnat; Guillaume Dewaele
  • Affiliations: ENS Lyon, France; ENS Lyon, France; ENS Lyon, France
  • Venue: SAINT-W '07 Proceedings of the 2007 International Symposium on Applications and the Internet Workshops
  • Year: 2007

Abstract

An anomaly detection procedure is defined and its statistical performance is carefully quantified. It is based on non-Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negatives vs. false positives in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. We also illustrate that combining sketches enables us to identify the target destination IP address and the faulty packets, hence opening the way to attack mitigation.