• DocumentCode
    2263193
  • Title
    SAFEM: Scalable analysis of flows with entropic measures and SVM
  • Author
    François, Jérôme ; Wagner, Cynthia ; State, Radu ; Engel, Thomas
  • Author_Institution
    Interdiscipl. Centre for Security, Reliability & Trust, Univ. of Luxembourg, Luxembourg, Luxembourg
  • fYear
    2012
  • fDate
    16-20 April 2012
  • Firstpage
    510
  • Lastpage
    513
  • Abstract
    This paper describes a new approach for detecting large-scale anomalies and malicious events in Netflow records. It allows Internet operators, for whom botnets and spam are major threats, to detect large-scale distributed attacks. The prototype SAFEM (Scalable Analysis of Flows with Entropic Measures) applies spatial-temporal aggregation to Netflow records and computes entropic measures over the aggregated traffic. The aggregation scheme greatly reduces the volume of data that must be stored, which makes the approach viable in an Internet Service Provider network.
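    As an added worked example (this is not code from the paper or its authors), the following Python sketches the pipeline the abstract describes: bucket Netflow-style records into fixed time windows, collapse addresses to /24 prefixes (the spatial-temporal aggregation), compute Shannon entropy of the per-window source, destination and port distributions, and flag windows whose entropy vector departs from the cross-window baseline. The sample records, the 60 s window, the /24 prefix length and the rule-based detector that stands in for the paper's SVM classifier are all assumptions of this example, not details taken from the paper.

```python
import ipaddress
import math
from collections import Counter, defaultdict
from statistics import median

# Constructed Netflow-style records for this example (not data from the paper):
# (timestamp_s, src_ip, dst_ip, dst_port), one tuple per flow.
SAMPLE_FLOWS = (
    # windows 0, 2, 4: ordinary traffic, four distinct sources, destinations and ports
    [(w * 60 + i * 10, f"10.0.{i + 1}.5", f"192.168.{i + 1}.10", port)
     for w in (0, 2, 4) for i, port in enumerate((80, 443, 25, 53))]
    # window 1: eight distinct source /24s all hitting one host on port 80 (flooding shape)
    + [(60 + i, f"10.{i + 1}.0.5", "192.168.1.10", 80) for i in range(8)]
    # window 3: one source probing eight distinct destination /24s on port 22 (scan shape)
    + [(180 + i, "10.0.9.9", f"192.168.{i + 10}.10", 22) for i in range(8)]
)


def aggregate(flows, window_s=60, prefix_bits=24):
    """Spatial-temporal aggregation (window size and prefix length are assumptions):
    bucket flows into fixed time windows and collapse addresses to /prefix_bits
    networks. Only the per-window counters are retained, not the raw records."""
    windows = defaultdict(lambda: {"src": Counter(), "dst": Counter(), "dport": Counter()})
    for ts, src, dst, dport in flows:
        w = ts // window_s
        src_net = str(ipaddress.ip_network(f"{src}/{prefix_bits}", strict=False))
        dst_net = str(ipaddress.ip_network(f"{dst}/{prefix_bits}", strict=False))
        windows[w]["src"][src_net] += 1
        windows[w]["dst"][dst_net] += 1
        windows[w]["dport"][dport] += 1
    return dict(sorted(windows.items()))


def shannon_entropy(counter):
    """Shannon entropy in bits of the distribution given by a Counter; 0 for empty input."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values() if c > 0)


def entropy_features(windows):
    """Per-window entropy vector {'src': H, 'dst': H, 'dport': H}."""
    return {w: {k: shannon_entropy(c) for k, c in counters.items()}
            for w, counters in windows.items()}


def flag_anomalies(features, threshold_bits=1.0):
    """Rule-based stand-in for the paper's SVM classifier (an assumption of this example):
    a window is anomalous when any entropy feature departs from the across-window median
    by more than threshold_bits; the direction of the departure labels the traffic shape."""
    keys = ("src", "dst", "dport")
    baseline = {k: median(f[k] for f in features.values()) for k in keys}
    flagged = {}
    for w, f in features.items():
        if all(abs(f[k] - baseline[k]) <= threshold_bits for k in keys):
            continue  # within tolerance on every feature: treat as normal
        if f["src"] > baseline["src"] and f["dst"] < baseline["dst"]:
            label = "many-sources-few-targets"   # distributed flood / spam-run shape
        elif f["src"] < baseline["src"] and f["dst"] > baseline["dst"]:
            label = "few-sources-many-targets"   # scanning shape
        else:
            label = "other"
        flagged[w] = label
    return flagged


if __name__ == "__main__":
    feats = entropy_features(aggregate(SAMPLE_FLOWS))
    for w, f in feats.items():
        print(f"window {w}: " + ", ".join(f"H_{k}={v:.2f}" for k, v in f.items()))
    print("flagged:", flag_anomalies(feats))
```

    The entropy of a uniform distribution over n values is log2(n), so the four-way normal windows score 2.0 bits on every feature, the flooding window scores 3.0 bits on sources and 0 on destinations and ports, and the scan window is the mirror image; a classifier (SVM in the paper, a median-deviation rule here) only ever sees these small per-window vectors, which is the storage saving the abstract refers to.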
  • Keywords
    Internet; computer network security; spatiotemporal phenomena; telecommunication traffic; unsolicited e-mail; Internet operators; Internet service provider network; SAFEM; SVM; botnets; data storage; entropic measures; large-scale anomaly detection; large-scale distributed attack detection; malicious events; scalable analysis of flow with entropic measures; spam; spatial-temporal Netflow record aggregation scheme; Computer architecture; Entropy; IP networks; Internet; Measurement; Monitoring; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network Operations and Management Symposium (NOMS), 2012 IEEE
  • Conference_Location
    Maui, HI
  • ISSN
    1542-1201
  • Print_ISBN
    978-1-4673-0267-8
  • Electronic_ISBN
    1542-1201
  • Type
    conf
  • DOI
    10.1109/NOMS.2012.6211943
  • Filename
    6211943