Resilient real-time network anomaly detection using novel non-parametric statistical tests

Authors: Chad A. Bollmann, Murali Tummala, John C. McEachen

DOI: 10.1016/J.COSE.2020.102146

Keywords:

Abstract: This work describes a novel application of robust estimation to the detection of volumetric anomalies in computer network traffic. The proposed tests are based on sample location and dispersion derived from relatively unknown Zero Order Statistics. non-parametric suitable for range applications heavy-tailed data analysis outside performance these is examined using two different real-world denial-of-service attacks contained actual high-volume backbone outperform traditional metrics such as mean and variance due presence heavy tails traffic, frequent characteristic traffic networks. Monte Carlo used quantify gains show an improvement accuracy between 7 and 11% at very low false alarm rates. also demonstrate equivalent or superior median, common statistic. Constructive timing key system processes near real-time performance. Three- and six-second windows containing 750 to 1200 elements can be processed less than one commodity hardware running unoptimized code. These results imply scalability variety networks commercial applications. Scalability prospects further enhanced by demonstrating resilient attack volumes 25 to 100 percent baseline rates both real and generated
