Extracting hidden anomalies using sketch and non gaussian multiresolution statistical detection procedures

Proceedings of the 2007 Workshop on Large Scale Attack Defense, LSAD '07

Volumn , Issue , 2007, Pages 145-152

  Dewaele, Guillaume ^a   Fukuda, Kensuke ^b   Borgnat, Pierre ^a   Abry, Patrice ^a   Cho, Kenjiro ^c  

^a Laboratoire de Physique UMR CNRS ENSL   (France)

^b NATIONAL INSTITUTE OF INFORMATICS   (Japan)

^c Internet Initiative Japan and Core Member of the KAME Project   (Japan)

Author keywords

Anomaly Detection; Gamma multiresolution modeling; MAWI database; Sketch; Traffic measurement

Indexed keywords

AGGREGATION LEVEL; ANOMALY DETECTION; CHARACTERIZATION PROCEDURES; IP ADDRESSS; KEY FEATURE; LONG LASTING; LOW-INTENSITY; MULTI-RESOLUTION MODELING; MULTI-RESOLUTIONS; NON-GAUSSIAN; NON-GAUSSIAN MARGINAL DISTRIBUTION; PRIOR KNOWLEDGE; RANDOM PROJECTIONS; REAL-TIME IDENTIFICATION; STATISTICAL DETECTION; TRAFFIC BEHAVIOR; TRAFFIC MEASUREMENTS;

TRACE ANALYSIS;

DATABASE SYSTEMS;

EID: 62949129764     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1352664.1352674     Document Type: Conference Paper

References (24)

1. P. Abry, P. Borgnat, and G. Dewaele. Sketch based anomaly detection, identification and performance evaluation. In IEEE/IPSJ SAINT Measurement Workshop, Jan. 2007.
2. P. Barford, J. Kline, D. Plonka, and A. Ron. A signal analysis of network traffic anomalies. In IMW, pp. 71-82, Nov. 2002.
3. M. Basseville. Distance measures for signal processing and pattern recognition. Signal Processing, 18:349-369, 1989.
4. Borgnat, P., et al. Détection d'attaques de dénis de service par un modèle non gaussien multirésolution. In CFIP-2006, pp. 303-314, Nov. 2006.
5. J. Brutlag. Aberrant behavior detection in time series for network monitoring. In USENIX System Administration Conference, Dec. 2000.
6. C.-M. Cheng, H. Kung, and K.-S. Tan. Use of spectral analysis in defense against DoS attacks. In IEEE Globecom, volume 3, pp. 2031-2035, 2002.
7. K. Cho, K. Mitsuya, and A. Kato. Traffic data repository at the WIDE project. In USENIX FREENIX Track, June 2000. mawi.wide.ad.jp/mawi
8. P. Huang, A. Feldmann, and W. Willinger. A non-intrusive, wavelet-based approach to detecting network performance problems. In IMW, pp. 213-227, Nov. 2001.
9. A. Hussain, J. Heidemann, and C. Papadopoulos. A framework for classifying denial of service attacks. In SIGCOMM, pp. 99-110, 2003.
10. S. Jin and D. Yeung. A covariance analysis model for DDoS attack detection. In ICC, volume 4, pp. 1882-1886, June 2004.
11. J. Jung, B. Krishnamurthy, and M. Rabinovich. Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites. In 11th WWW Conf., pp. 293-304, May 2002.
12. Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao. Packetscore: A statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans. Depend. Secur. Comput., 3(2):141-155, 2006.
13. B. Krishnamurty, S. Sen, Y. Zhang, and Y. Chen. Sketch-based change detection: Methods, evaluation, and applications. In IMC, pp. 234-247, Oct. 2003.
14. A. Lakhina, M. Crovella, and C. Diot. Diagnosing network-wide traffic anomalies. In SIGCOMM, pp. 219-230, Aug. 2004.
15. X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, and A. Lakhina. Detection and identification of network anomalies using sketch subspaces. In IMC, pp. 147-152, Oct. 2006.
16. J. Mirkovic and P. Reiher. A taxonomy of ddos attacks and defense mechanisms. ACM Comp. Com. Rev., 34(2):39-53, Apr. 2004.
17. D. Moore, G. Voelker, and S. Savage. Inferring internet denial-of-service activity. In Usenix Security Symposium, pp. 9-22, Aug. 2001.
18. S. Muthukrishnan. Data streams: Algorithms and applications. In SODA, pp. 413, Jan. 2003.
19. K. Park and W. Willinger, eds. Self-Similar Network Traffic and Performance Evaluation. Wiley, 2000.
20. N. Patwari and A. Hero. Manifold learning visualization of network traffic data. In SIGCOMM MineNet, pp. 191-196, Aug. 2005.
21. A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry. Non gaussian and long memory statistical characterisations for internet traffic with anomalies. IEEE Trans. Depend. Secur. Comput., 4(1):56-70,. 2007. (Pubitemid 46384621)
22. A. Soule, K. Salamatian, and N. Taft. Combining filtering and statistical methods for anomaly detection. In IMC, pp. 331-344, Oct. 2005.
23. M. Thorup and Y. Zhang. Tabulation based 4-universal hashing with applications to second moment estimation. In SODA, pp. 615-624, Jan. 2004.
24. Y. Zhang, Z. Ge, A. Greenberg, and M. Roughan. Network anomography. In IMC, pp. 317-330, Oct. 2005.