Nonparametric change point detection algorithms and applications in data networks.
| Main Author: | |
|---|---|
| Publication Date: | 2004 |
| Format: | Master thesis |
| Language: | eng |
| Source: | Biblioteca Digital de Teses e Dissertações do ITA |
| Download full: | http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=110 |
Summary: | Nonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic. |
| id |
ITA_c418affd0864679965fc34dcf29f2b08 |
|---|---|
| oai_identifier_str |
oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:110 |
| network_acronym_str |
ITA |
| network_name_str |
Biblioteca Digital de Teses e Dissertações do ITA |
| spelling |
Nonparametric change point detection algorithms and applications in data networks.Redes de computadoresSegurança de computadoresControle de acessoAlgoritmosDetecção de intrusão (computadores)Transmissão de dadosTelecomunicaçõesComputaçãoEngenharia eletrônicaNonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic. Instituto Tecnológico de AeronáuticaAlessandro AnzaloniHellinton Hatsuo Takada2004-00-00info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesishttp://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=110reponame:Biblioteca Digital de Teses e Dissertações do ITAinstname:Instituto Tecnológico de Aeronáuticainstacron:ITAenginfo:eu-repo/semantics/openAccessapplication/pdf2019-02-02T14:01:40Zoai:agregador.ibict.br.BDTD_ITA:oai:ita.br:110http://oai.bdtd.ibict.br/requestopendoar:null2020-05-28 19:32:17.684Biblioteca Digital de Teses e Dissertações do ITA - Instituto Tecnológico de Aeronáuticatrue |
| dc.title.none.fl_str_mv |
Nonparametric change point detection algorithms and applications in data networks. |
| title |
Nonparametric change point detection algorithms and applications in data networks. |
| spellingShingle |
Nonparametric change point detection algorithms and applications in data networks. Hellinton Hatsuo Takada Redes de computadores Segurança de computadores Controle de acesso Algoritmos Detecção de intrusão (computadores) Transmissão de dados Telecomunicações Computação Engenharia eletrônica |
| title_short |
Nonparametric change point detection algorithms and applications in data networks. |
| title_full |
Nonparametric change point detection algorithms and applications in data networks. |
| title_fullStr |
Nonparametric change point detection algorithms and applications in data networks. |
| title_full_unstemmed |
Nonparametric change point detection algorithms and applications in data networks. |
| title_sort |
Nonparametric change point detection algorithms and applications in data networks. |
| author |
Hellinton Hatsuo Takada |
| author_facet |
Hellinton Hatsuo Takada |
| author_role |
author |
| dc.contributor.none.fl_str_mv |
Alessandro Anzaloni |
| dc.contributor.author.fl_str_mv |
Hellinton Hatsuo Takada |
| dc.subject.por.fl_str_mv |
Redes de computadores Segurança de computadores Controle de acesso Algoritmos Detecção de intrusão (computadores) Transmissão de dados Telecomunicações Computação Engenharia eletrônica |
| topic |
Redes de computadores Segurança de computadores Controle de acesso Algoritmos Detecção de intrusão (computadores) Transmissão de dados Telecomunicações Computação Engenharia eletrônica |
| dc.description.none.fl_txt_mv |
Nonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic. |
| description |
Nonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic. |
| publishDate |
2004 |
| dc.date.none.fl_str_mv |
2004-00-00 |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/masterThesis |
| status_str |
publishedVersion |
| format |
masterThesis |
| dc.identifier.uri.fl_str_mv |
http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=110 |
| url |
http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=110 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Instituto Tecnológico de Aeronáutica |
| publisher.none.fl_str_mv |
Instituto Tecnológico de Aeronáutica |
| dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações do ITA instname:Instituto Tecnológico de Aeronáutica instacron:ITA |
| reponame_str |
Biblioteca Digital de Teses e Dissertações do ITA |
| collection |
Biblioteca Digital de Teses e Dissertações do ITA |
| instname_str |
Instituto Tecnológico de Aeronáutica |
| instacron_str |
ITA |
| institution |
ITA |
| repository.name.fl_str_mv |
Biblioteca Digital de Teses e Dissertações do ITA - Instituto Tecnológico de Aeronáutica |
| repository.mail.fl_str_mv |
|
| subject_por_txtF_mv |
Redes de computadores Segurança de computadores Controle de acesso Algoritmos Detecção de intrusão (computadores) Transmissão de dados Telecomunicações Computação Engenharia eletrônica |
| _version_ |
1706809253599117312 |