Nowadays, network intrusion detectors mainly rely on knowledge databases to detect suspicious traffic. These databases have to be continuously updated, which requires substantial human resources and time. Unsupervised network anomaly detectors overcome this issue by using "intelligent" techniques to identify anomalies without any prior knowledge. However, these systems are often very complex, as they need to explore the network traffic to identify flow patterns. Therefore, they are often unable to meet real-time requirements. In this paper, we present a new Online and Real-time Unsupervised Network Anomaly Detection Algorithm: ORUNADA. Our solution relies on a discrete time-sliding window to continuously update the feature space and on an incremental grid clustering to rapidly detect the anomalies. The evaluations showed that ORUNADA can process large network traffic online while ensuring a low detection delay and good detection performance. The experiments performed on the traffic of a core network of a Spanish intermediate Internet service provider demonstrated that ORUNADA detects an anomaly in less than half a second after its occurrence. Furthermore, the results highlight that our solution outperforms, in terms of TPR and FPR, existing techniques reported in the literature.
Abstract. UAV Ad hoc NETwork (UAANET) is a subset of the well-known Mobile Ad-hoc NETworks (MANETs). It consists of forming an ad hoc network with multiple small Unmanned Aerial Vehicles (UAVs) and the Ground Control Station (GCS). Similar to MANETs, the UAANET communication architecture is an infrastructure-less, self-configuring network of several nodes forwarding data packets. However, it also has some specific features that bring challenges to network connectivity. Consequently, an adapted routing protocol is needed to exchange data packets within UAANETs. In this paper, we introduce a new hybrid experimental system that can evaluate different types of ad hoc routing protocols under a realistic UAANET scenario. It is based on virtual machines and the Virtualmesh [1] framework to emulate physical aspects. We evaluated AODV, DSR and OLSR efficiency in a realistic scenario with three UAVs scanning an area. Our results show that AODV outperformed OLSR and DSR.
Network anomaly detection relies on intrusion detection systems based on knowledge databases. However, building this knowledge may take time, as it requires manual inspection by experts. Current detection systems are unable to deal with 0-day attacks or new user behavior, and in consequence they may fail to correctly detect intrusions. Unsupervised network anomaly detectors overcome this issue as no previous knowledge is required. On the other hand, these systems may be very slow, as they need to learn the traffic's patterns in order to acquire the necessary knowledge to detect anomalous flows. To improve speed, these systems are often only exposed to sampled traffic; harmful traffic may then avoid examination by the detector. In this paper, we propose to take advantage of a new distributed computing framework in order to speed up an Unsupervised Network Anomaly Detector Algorithm, UNADA. The evaluation shows that the execution time can be improved by a factor of 13, allowing UNADA to process large traffic traces in real time.
As Distributed Denial of Service (DDoS) attacks are still a severe threat for Internet stakeholders, they should be detected with efficient tools meeting industrial requirements. We previously introduced the AATAC detector, which showed its ability to accurately detect DDoS attacks in real time on full traffic, while being able to cope with the several constraints of an industrial operation, such as time to detect, limited resources for running detection algorithms, and detection autonomy so as not to waste administrators' time. However, in a realistic scenario, network monitoring is done using sampled traffic. Such sampling may impact the detection accuracy or the relevance of the produced results. Consequently, in this paper, we evaluate AATAC over sampled traffic. We use five different count-based or time-based sampling techniques, and show that AATAC's resource consumption is in general greatly reduced with little to no impact on the detection accuracy. The obtained results are succinctly compared with those from FastNetMon, an open-source threshold-based DDoS detector.