Proceedings of the 2007 workshop on Large scale attack defense
AINTEC '09 Asian Internet Engineering Conference
Distribution-based anomaly detection in 3G mobile networks: from theory to practice
International Journal of Network Management
An anomaly detection procedure is defined and its statistical performance is carefully quantified. It is based on non-Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negatives versus false positives in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time series from our self-made anomaly database. The database is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. We also illustrate that combining sketches enables us to identify the target destination IP address and the faulty packets, opening the way to attack mitigation.