An unknown input sliding observer for anomaly detection in TCP/IP networks

Author

Rahmé, Sandy ; Labit, Yann ; Gouaisbaut, Frédéric

Author_Institution

LAAS, CNRS, Toulouse, France

fYear

2009

fDate

12-14 Oct. 2009

Firstpage

1

Lastpage

7

Abstract

This paper deals with the issue of anomaly detection in TCP/IP networks based on a control theory approach. Using a previously developed sliding mode observer, an improvement of the anomaly detection and reconstruction is proposed. More specifically, the ability of distinguishing false/true positives and false/true negatives in a prescribed finite time is ensured thanks to the design of an unknown input observer combined to some low pass filters. A high quality of service (QoS) is thus guaranteed to the network. To elucidate the proposed method, a network topology is then tested via Simulink as well as via the network simulator NS-2. Finally, detailed results analysis confirm the enhancement brought to the detection of an anomaly flowing through the network.

Keywords

observers; quality of service; security of data; telecommunication network topology; transport protocols; variable structure systems; Simulink; TCP/IP networks; anomaly detection; control theory approach; high quality of service; low pass filters; network simulator NS-2; network topology; sliding mode observer; unknown input sliding observer; Control theory; Detectors; Face detection; IP networks; Intrusion detection; Low pass filters; Network topology; Quality of service; TCPIP; Testing;

fLanguage

English

Publisher

ieee

Conference_Titel

Ultra Modern Telecommunications & Workshops, 2009. ICUMT '09. International Conference on

Conference_Location

St. Petersburg

Print_ISBN

978-1-4244-3942-3

Electronic_ISBN

978-1-4244-3941-6

Type

conf

DOI

10.1109/ICUMT.2009.5345438

Filename

5345438