Detalhes bibliográficos
| Ano de defesa: |
2004 |
| Autor(a) principal: |
Hellinton Hatsuo Takada |
| Orientador(a): |
Não Informado pela instituição |
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Dissertação
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
eng |
| Instituição de defesa: |
Instituto Tecnológico de Aeronáutica
|
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: |
|
| Link de acesso: |
http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=110
|
Resumo: |
Nonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic. |
