
Electronic data

  • IEEE_ICC2017_crc

    Rights statement: ©2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

    Accepted author manuscript, 238 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License


Distributed, multi-level network anomaly detection for datacentre networks

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN > Conference contribution/Paper > peer-review

Published

Standard

Distributed, multi-level network anomaly detection for datacentre networks. / Iordache, Mircea; Jouet, Simon; Marnerides, Angelos et al.
IEEE International Conference on Communications (ICC) 2017. IEEE, 2017.

Harvard

Iordache, M, Jouet, S, Marnerides, A & Pezaros, D 2017, Distributed, multi-level network anomaly detection for datacentre networks. in IEEE International Conference on Communications (ICC) 2017. IEEE, IEEE ICC 2017: IEEE International Conference in Communications, Paris, France, 21/05/17. https://doi.org/10.1109/ICC.2017.7996569

APA

Iordache, M., Jouet, S., Marnerides, A., & Pezaros, D. (2017). Distributed, multi-level network anomaly detection for datacentre networks. In IEEE International Conference on Communications (ICC) 2017 IEEE. https://doi.org/10.1109/ICC.2017.7996569

Vancouver

Iordache M, Jouet S, Marnerides A, Pezaros D. Distributed, multi-level network anomaly detection for datacentre networks. In IEEE International Conference on Communications (ICC) 2017. IEEE. 2017 doi: 10.1109/ICC.2017.7996569

Author

Iordache, Mircea ; Jouet, Simon ; Marnerides, Angelos et al. / Distributed, multi-level network anomaly detection for datacentre networks. IEEE International Conference on Communications (ICC) 2017. IEEE, 2017.

Bibtex

@inproceedings{a6ccadb9500047499ce0867ab5223f23,
title = "Distributed, multi-level network anomaly detection for datacentre networks",
abstract = "Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, high-speed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost saving through attack path reconstruction. Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework, show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at small-to-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.",
author = "Mircea Iordache and Simon Jouet and Angelos Marnerides and Dimitrios Pezaros",
note = "{\textcopyright}2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.; IEEE ICC 2017: IEEE International Conference in Communications, IEEE ICC 2017 ; Conference date: 21-05-2017 Through 25-05-2017",
year = "2017",
month = jul,
day = "31",
doi = "10.1109/ICC.2017.7996569",
language = "English",
isbn = "9781467390002",
booktitle = "IEEE International Conference on Communications (ICC) 2017",
publisher = "IEEE",
url = "http://icc2017.ieee-icc.org/",

}

RIS

TY - GEN

T1 - Distributed, multi-level network anomaly detection for datacentre networks

AU - Iordache, Mircea

AU - Jouet, Simon

AU - Marnerides, Angelos

AU - Pezaros, Dimitrios

N1 - ©2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

PY - 2017/7/31

Y1 - 2017/7/31

N2 - Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, high-speed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost saving through attack path reconstruction. Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework, show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at small-to-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.

AB - Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, high-speed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost saving through attack path reconstruction. Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework, show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at small-to-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.

U2 - 10.1109/ICC.2017.7996569

DO - 10.1109/ICC.2017.7996569

M3 - Conference contribution/Paper

SN - 9781467390002

BT - IEEE International Conference on Communications (ICC) 2017

PB - IEEE

T2 - IEEE ICC 2017: IEEE International Conference in Communications

Y2 - 21 May 2017 through 25 May 2017

ER -