Sketch-based multidimensional IDS: A new approach for network anomaly detection

The diffusion of technologies for high-speed data transmission over the Internet and the growing use of new multimedia services require fast and effective techniques for protection against network attacks. In this paper we present a new approach that can detect different types of network anomalies at the same time. It consists of the simultaneous analysis of several traffic descriptors (aggregated through a sketch to guarantee the scalability of the algorithm) by means of a single vectorial algorithm. In terms of the ROC curve, the performance of our multidimensional Intrusion Detection System (IDS) is comparable to that of separately applying traditional monodimensional IDSs to all traffic parameters, while reducing the computational time by more than 80%.
