A comparison between divergence measures for network anomaly detection

This paper deals with the detection of flooding attacks which are the most common type of Denial of Service (DoS) attacks. We compare 2 divergence measures (Hellinger distance and Chi-square divergence) to analyze their detection accuracy. The performance of these statistical divergence measures are...

Bibliographic Details
Main Authors: Tajer, J., Makke, A., Salem, O., Mehaoua, A.
Format: Conference Proceeding
Language: English
Subjects:
Online Access: Request full text
cited_by
cites
container_end_page 5
container_issue
container_start_page 1
container_title
container_volume
creator Tajer, J.
Makke, A.
Salem, O.
Mehaoua, A.
description This paper deals with the detection of flooding attacks, which are the most common type of Denial of Service (DoS) attacks. We compare 2 divergence measures (Hellinger distance and Chi-square divergence) to analyze their detection accuracy. The performance of these statistical divergence measures is investigated in terms of true positive and false alarm ratio. A particular focus will be on how to use these measures over the Sketch data structure, and which measure provides the best detection accuracy. We conduct performance analysis over publicly available real IP traces (MAWI) collected from the WIDE backbone network. Our experimental results show that Chi-square divergence outperforms Hellinger distance in network anomaly detection.
format conference_proceeding
fulltext fulltext_linktorsrc
identifier ISSN: 2165-9605
ispartof 2011 7th International Conference on Network and Service Management, 2011, p.1-5
issn 2165-9605
language eng
recordid cdi_ieee_primary_6104013
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Accuracy
Chi-Square Divergence
Data structures
DDoS
Hellinger Distance
High definition video
IP networks
K-ary Sketch
Probability distribution
Radiation detectors
TCP SYN Flooding
Time series analysis
title A comparison between divergence measures for network anomaly detection
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T21%3A34%3A24IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20comparison%20between%20divergence%20measures%20for%20network%20anomaly%20detection&rft.btitle=2011%207th%20International%20Conference%20on%20Network%20and%20Service%20Management&rft.au=Tajer,%20J.&rft.date=2011-10&rft.spage=1&rft.epage=5&rft.pages=1-5&rft.issn=2165-9605&rft.isbn=9781457715884&rft.isbn_list=1457715880&rft_id=info:doi/&rft.eisbn=3901882448&rft.eisbn_list=9783901882449&rft_dat=%3Cieee_6IE%3E6104013%3C/ieee_6IE%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-i90t-80bd7a74e2769b510af818d1bc6d848912ab8fa60fef7b30742d6c7ed8a2e23%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=6104013&rfr_iscdi=true