Use of a Cepstral Information Norm for Anomaly Detection in a BGP-inferred Internet
نویسندگان
چکیده
In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid realtime analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes The SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events.
منابع مشابه
A Survey of Anomaly Detection Approaches in Internet of Things
Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...
متن کاملAnomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism
Today, the use of the Internet and Internet sites has been an integrated part of the people’s lives, and most activities and important data are in the Internet websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) of web attacks are an approach to protect users. But, these systems are suffering from such drawbacks as low accuracy in ...
متن کاملUsing Databases for Bgp Data Analysis
Boarder Gateway Protocol is an Exterior Gateway Protocol used between Autonomous Systems (ASes) to send update information upon changes in the network topology. Network reachability information is contained within BGP update messages. Recent trends in BGP anomaly detection systems employ machine learning techniques to mine network data. In the proposed approach, we consider diversity of anomalo...
متن کاملA Visual Technique for Internet Anomaly Detection
The Internet can be made more secure and efficient with effective anomaly detection. In this paper, we describe a visual method for anomaly detection using archived Border Gateway Protocol (BGP) data. A special encoding of IP addresses built into an interactive visual interface design allows a user to quickly detect Origin AS changes by browsing through 2D visual representation of selected aspe...
متن کاملComprehensive Solution for Anomaly-Free BGP
The Internet consists of many self-administered and inter-connected Autonomous Systems (ASms). ASms exchangeinter-AS routing information with each other via the Border Gateway Protocol (BGP). Neighboring BGP routers located in different ASms share their inter-AS routing information via external BGP (eBGP), whereas two routers in the same AS share their inter-AS routing information via internal ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2006