Comparison between divergence measures for anomaly detection of mobile agents in IP networks

This paper deals with the detection of SYN flooding attacks, which are the most common type of attack in a Mobile Agent World. We propose a new framework for detecting flooding attacks by integrating divergence measures over a Sketch data structure. We compare three divergence measures (Hellinger distance, Chi-square divergence and Power divergence) to analyze their detection accuracy. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of the divergence measures to optimize performance. We conduct the performance analysis over publicly available real IP traces, in a Mobile Agent Network, integrated with flooding attacks. Our experimental results show that Power divergence outperforms Chi-square divergence and Hellinger distance in network anomaly detection in terms of detection and false alarm.
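
The following is an added illustration, not code from the paper: it hashes SYN destination addresses into a small sketch for two consecutive time windows and scores the change between them with each of the three measures. The sketch dimensions, the smoothing constant, the order-beta form used for the power divergence (the page gives no formula) and the traffic are all assumptions constructed for the example.

```python
import hashlib
import math

ROWS, WIDTH = 3, 32  # sketch dimensions (assumed values)

def build_sketch(keys):
    """Count keys (e.g. SYN destination IPs) into ROWS independent hash rows."""
    table = [[0] * WIDTH for _ in range(ROWS)]
    for key in keys:
        for r in range(ROWS):
            h = hashlib.sha256(f"{r}:{key}".encode()).digest()
            table[r][int.from_bytes(h[:8], "big") % WIDTH] += 1
    return table

def to_dist(counts, eps=0.5):
    """Smoothed probability vector; eps keeps every bucket non-zero."""
    total = sum(counts) + eps * len(counts)
    return [(c + eps) / total for c in counts]

def hellinger(p, q):
    """Squared Hellinger distance, in [0, 1]."""
    return 1.0 - sum(math.sqrt(a * b) for a, b in zip(p, q))

def chi_square(p, q):
    """Chi-square divergence of p from the reference distribution q."""
    return sum((a - b) ** 2 / b for a, b in zip(p, q))

def power_divergence(p, q, beta=1.5):
    """Order-beta divergence (assumed form); beta=2 reduces to chi-square."""
    s = sum(a ** beta * b ** (1 - beta) for a, b in zip(p, q))
    return (s - 1.0) / (beta - 1.0)

def score(prev_keys, cur_keys, measure):
    """Divergence of the current window from the previous one, min over rows."""
    prev, cur = build_sketch(prev_keys), build_sketch(cur_keys)
    return min(measure(to_dist(c), to_dist(p)) for p, c in zip(prev, cur))

# Constructed traffic: 200 destinations, 5 SYNs each per window.
NORMAL = [f"10.0.{i // 256}.{i % 256}" for i in range(200)] * 5
# Constructed attack window: same background plus 2000 SYNs at one victim.
ATTACK = NORMAL + ["10.0.9.9"] * 2000

if __name__ == "__main__":
    for name, m in [("hellinger", hellinger), ("chi-square", chi_square),
                    ("power(1.5)", power_divergence)]:
        print(f"{name:11s} normal={score(NORMAL, NORMAL, m):.4f} "
              f"attack={score(NORMAL, ATTACK, m):.4f}")
```

Taking the minimum over rows means a single hash collision in one row cannot raise the score on its own; a flood toward one destination shifts a bucket in every row.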
