The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management and many detection techniques, able to promptly reveal and identify network attacks, mainly detecting Heavy Changes (HCs) in the network traffic, have been proposed. Nevertheless, the recent spread of coordinated attacks, that occur in multiple networks simultaneously, makes extremely difficult the detection, using isolated intrusion detection systems that only monitor a limited portion of the Internet. For this reason in this paper we propose a novel distributed architecture that represents a general framework for the detection of network anomalies. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed architecture.
The LogLog Counting Reversible Sketch: a Distributed Architecture for Detecting Anomalies in Backbone Networks
CALLEGARI, CHRISTIAN;GIORDANO, STEFANO;PROCISSI, GREGORIO
2012-01-01
Abstract
The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management and many detection techniques, able to promptly reveal and identify network attacks, mainly detecting Heavy Changes (HCs) in the network traffic, have been proposed. Nevertheless, the recent spread of coordinated attacks, that occur in multiple networks simultaneously, makes extremely difficult the detection, using isolated intrusion detection systems that only monitor a limited portion of the Internet. For this reason in this paper we propose a novel distributed architecture that represents a general framework for the detection of network anomalies. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed architecture.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
