DocumentCode :
2551649
Title :
Privacy-preserving anomaly detection across multi-domain networks
Author :
Zhang, Pei ; Huang, Xiaohong ; Sun, Xin ; Wang, Hao ; Ma, Yan
Author_Institution :
Inst. of Network Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2012
fDate :
29-31 May 2012
Firstpage :
1066
Lastpage :
1070
Abstract :
A lot of traffic anomalies, such as flash crowds, denial-of-service attacks, port scans, can often span multiple ISP networks. Cooperatively detecting and diagnosing these anomalies is critical for network operators to choose the appropriate response. However, legitimate concerns about privacy, such as network topology and link loads, often inhibit network operators in collaborative detection. In this paper, we propose a privacy-preserving mechanism that allows ISPs to cooperatively detect anomalies without requiring them to reveal private traffic information. We design a “semi-centralized” architecture and use secure multiparty computation (SMC) protocol to make the Principal Component Analysis (PCA) based detection method privacy-preserving and at same time keep its scalability and accuracy. We evaluate our design at a simulated distributed environment by using traffic traces from the Abilene backbone network as well as synthetic traces. The results show that it performs well for network-wide anomaly detection and enable larger-scale ISPs cooperation without privacy concerns.
Keywords :
Internet; computer network security; data privacy; principal component analysis; protocols; telecommunication links; telecommunication network topology; telecommunication traffic; Abilene backbone network; ISP cooperation; PCA based detection method; SMC protocol; anomaly diagnosis; collaborative detection; denial-of-service attack; distributed environment; flash crowd; link load; multidomain network; multiple ISP network; network operators; network topology; network-wide anomaly detection; port scan; principal component analysis; privacy concern; privacy-preserving anomaly detection; private traffic information; secure multiparty computation; semicentralized architecture; traffic anomaly; traffic trace; Algorithm design and analysis; Covariance matrix; Monitoring; Principal component analysis; Privacy; Protocols; Scalability; principal component analysis; privacy-preserving; secure multiparty computation;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Fuzzy Systems and Knowledge Discovery (FSKD), 2012 9th International Conference on
Conference_Location :
Sichuan
Print_ISBN :
978-1-4673-0025-4
Type :
conf
DOI :
10.1109/FSKD.2012.6234272
Filename :
6234272
Link To Document :
بازگشت