Garofalo, Mauro (2017) Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks. [Doctoral thesis]

Document type: Doctoral thesis
Language: English
Title: Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks
Authors:
Author | Email
Garofalo, Mauro | mauro.garofalo@unina.it
Date: May 2017
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Doctoral programme: Information technology and electrical engineering
Doctoral cycle: 29
Doctoral programme coordinator:
Name | Email
Riccio, Daniele | daniele.riccio@unina.it
Supervisor:
Name | Email
Ventre, Giorgio | [not defined]
Keywords: Big Data, Network Security
MIUR scientific-disciplinary sectors: Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni
Deposited on: 08 May 2017 21:31
Last modified: 08 Mar 2018 13:29
URI: http://www.fedoa.unina.it/id/eprint/11784
DOI: 10.6093/UNINA/FEDOA/11784

Abstract

The Cisco VNI Complete Forecast Highlights clearly states that Internet traffic is growing in three different directions, Volume, Velocity, and Variety, bringing computer networks into the big data era. At the same time, sophisticated network attacks are growing exponentially. Such growth makes the existing signature-based security tools, like firewalls and traditional intrusion detection systems, ineffective against new kinds of attacks or variations of known attacks. In this dissertation, we propose an unsupervised method for network anomaly detection. This method is able to detect unknown and new malicious activities in high-speed network traffic. Our method uses an innovative detection algorithm able to identify the hosts responsible for anomalous flows by using a new statistical feature related to traffic flow. This feature is defined as the ratio between the number of flows generated by a host and the number of flows it receives. We evaluate our method with real backbone traffic traces from the Measurement and Analysis on the WIDE Internet (MAWI) archive. Furthermore, we compare the results of our method with the MAWILab archive, a database that assists researchers in evaluating their traffic anomaly detection methods. The results point out that our method achieves an average positive prediction rate (i.e. Precision) of 90%, outperforming the four MAWILab detection methods in terms of false negative rate. We deploy three cluster configurations to evaluate the horizontal and vertical scalability performance of the proposed architecture, and our method shows outstanding performance in terms of response time.
