Title :
An unknown input sliding observer for anomaly detection in TCP/IP networks
Author :
Rahmé, Sandy ; Labit, Yann ; Gouaisbaut, Frédéric
Author_Institution :
LAAS, CNRS, Toulouse, France
Abstract :
This paper deals with the issue of anomaly detection in TCP/IP networks based on a control theory approach. Using a previously developed sliding mode observer, an improvement of the anomaly detection and reconstruction is proposed. More specifically, the ability of distinguishing false/true positives and false/true negatives in a prescribed finite time is ensured thanks to the design of an unknown input observer combined to some low pass filters. A high quality of service (QoS) is thus guaranteed to the network. To elucidate the proposed method, a network topology is then tested via Simulink as well as via the network simulator NS-2. Finally, detailed results analysis confirm the enhancement brought to the detection of an anomaly flowing through the network.
Keywords :
observers; quality of service; security of data; telecommunication network topology; transport protocols; variable structure systems; Simulink; TCP/IP networks; anomaly detection; control theory approach; high quality of service; low pass filters; network simulator NS-2; network topology; sliding mode observer; unknown input sliding observer; Control theory; Detectors; Face detection; IP networks; Intrusion detection; Low pass filters; Network topology; Quality of service; TCPIP; Testing;
Conference_Titel :
Ultra Modern Telecommunications & Workshops, 2009. ICUMT '09. International Conference on
Conference_Location :
St. Petersburg
Print_ISBN :
978-1-4244-3942-3
Electronic_ISBN :
978-1-4244-3941-6
DOI :
10.1109/ICUMT.2009.5345438
