Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Patrice Abry Articles by Pierre Borgnat Articles by Guillaume Dewaele

2007 International Symposium on Applications and the Internet Workshops (SAINTW'07)

Hiroshima, Japan

January 15-January 19

ISBN: 0-7695-2757-4

	ASCII Text	x
	Patrice Abry, Pierre Borgnat, Guillaume Dewaele, "Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation," Applications and the Internet Workshops, IEEE/IPSJ International Symposium on, pp. 80, 2007 International Symposium on Applications and the Internet Workshops (SAINTW'07), 2007.

	BibTex	x
	@article{ 10.1109/SAINT-W.2007.55, author = {Patrice Abry and Pierre Borgnat and Guillaume Dewaele}, title = {Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation}, journal ={Applications and the Internet Workshops, IEEE/IPSJ International Symposium on}, volume = {0}, year = {2007}, isbn = {0-7695-2757-4}, pages = {80}, doi = {http://doi.ieeecomputersociety.org/10.1109/SAINT-W.2007.55}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on TI - Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation SN - 0-7695-2757-4 SP EP A1 - Patrice Abry, A1 - Pierre Borgnat, A1 - Guillaume Dewaele, PY - 2007 KW - null VL - 0 JA - Applications and the Internet Workshops, IEEE/IPSJ International Symposium on ER -

Patrice Abry, ENS Lyon, France

Pierre Borgnat, ENS Lyon, France

Guillaume Dewaele, ENS Lyon, France

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SAINT-W.2007.55

An anomaly detection procedure is defined and its statistical performance are carefully quantified. It is based on a non Gaussian modeling of the marginal distributions of random projections (sketches) of traffic aggregated jointly at different levels (multiresolution). To evaluate false negative vs. false positive in a controlled, reproducible and documented framework, we apply the detection procedure to traffic time-series from our self-made anomaly database. It is obtained by performing DDoS-type attacks, using real-world attack tools, over a real operational network. Also, we illustrate that combining sketches enables us to identify the target IP destination address and faulty packets hence opening the track to attack mitigation.

Citation:

Patrice Abry, Pierre Borgnat, Guillaume Dewaele, "Invited Talk: Sketch Based Anomaly Detection, Identification and Performance Evaluation," saint-w, pp.80, 2007 International Symposium on Applications and the Internet Workshops (SAINTW'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.