Title :
Detection of network anomalies using rank tests
Author :
Levy-Leduc, Celine
Author_Institution :
LTCI, Telecom ParisTech, Paris, France
Abstract :
We propose a novel and efficient method for on-line detection of network anomalies that lead to changes in Internet traffic, such as (distributed) denial-of-service ((D)DoS) attacks. Our method consists of a data reduction stage based on record filtering, followed by a nonparametric change-point detection test based on U-statistics. With such a method, we can address massive data streams and provide on-line anomaly detection as well as the source and destination IP addresses involved. We apply this algorithm to some Internet traffic generated by France-Télécom Internet Service Provider (ISP) in the framework of the ANR-RNRT OSCAR project. This approach, called TopRank in the following, is very attractive since it enjoys a low computational cost and is able to detect several types of anomalies such as TCP/SYN flooding, UDP flooding, PortScan and NetScan with a low false alarm rate.
Keywords :
IP networks; Internet; computer network security; data reduction; statistical analysis; telecommunication traffic; ANR-RNRT OSCAR project; France-Telecom ISP; France-Telecom Internet Service Provider; IP addresses; Internet traffic; U-statistics; data reduction stage; intrusion detection method; massive data streams; network anomaly online detection; nonparametric change-point detection; rank tests; Computer crime; Databases; IP networks; Internet; Intrusion detection; Protocols; Time series analysis;
Conference_Title :
Signal Processing Conference, 2008 16th European
Conference_Location :
Lausanne