  • DocumentCode
    2297211
  • Title
    AnKLe: Detecting Attacks in Large Scale Systems via Information Divergence
  • Author
    Anceaume, Emmanuelle ; Busnel, Yann ; Gambs, Sébastien
  • Author_Institution
    IRISA, Rennes, France
  • fYear
    2012
  • fDate
    8-11 May 2012
  • Firstpage
    114
  • Lastpage
    125
  • Abstract
    In this paper, we consider the setting of large scale distributed systems, in which each node needs to quickly process a huge amount of data received in the form of a stream that may have been tampered with by an adversary. In this situation, a fundamental problem is how to detect and quantify the amount of work performed by the adversary. To address this issue, we propose AnKLe (for Attack-tolerant enhanced Kullback-Leibler divergence Estimator), a novel algorithm for estimating the KL divergence of an observed stream compared to the expected one. AnKLe combines sampling techniques and information-theoretic methods. It is very efficient, both in terms of space and time complexities, and requires only a single pass over the data stream. Experimental results show that the estimation provided by AnKLe remains accurate even for different adversarial settings for which the quality of other methods dramatically decreases.
  • Keywords
    computational complexity; distributed processing; information theory; security of data; AnKLe; attack detection; attack-tolerant enhanced Kullback-Leibler divergence estimator; data stream; information divergence; information-theoretic methods; large scale distributed systems; sampling techniques; space complexity; time complexity; Algorithm design and analysis; Approximation algorithms; Data models; Entropy; Estimation; Peer to peer computing; Radiation detectors; Byzantine Adversary; Data Stream; Kullback-Leibler Divergence; Performance Analysis; Sampling; Scalability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Computing Conference (EDCC), 2012 Ninth European
  • Conference_Location
    Sibiu
  • Print_ISBN
    978-1-4673-0938-7
  • Type
    conf
  • DOI
    10.1109/EDCC.2012.9
  • Filename
    6214766