Abstract
Anomaly-based Intrusion Detection is a key research topic in network security due to its ability to face unknown attacks and new security threats. Moreover, new solutions should cope with scalability issues derived from the growth of the Internet traffic. To this aim random aggregation through the use of sketches represents a powerful prefiltering stage that can be applied to backbone data traffic with a performance improvement wrt traditional static aggregations at subnet level. In the paper we apply the CUSUM algorithm at the bucket level to reveal the presence of anomalies in the current data and, in order to improve the detection rate, we correlate the data corresponding to traffic flows aggregation based on different fields of the network and transport level headers. As a side effect, the correlation procedure gives some hints on the typology of the intrusions since different attacks determine the variability of the statistics associated to specific header fields. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed approach, confirming the goodness of CUSUM as a change-point detection algorithm.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
