Garofalo, Mauro (2017) Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks. [Tesi di dottorato]

[img]
Preview
Text
thesis.pdf

Download (2MB) | Preview
[error in script] [error in script]
Item Type: Tesi di dottorato
Lingua: English
Title: Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks
Creators:
CreatorsEmail
Garofalo, Mauromauro.garofalo@unina.it
Date: May 2017
Institution: Università degli Studi di Napoli Federico II
Department: Ingegneria Elettrica e delle Tecnologie dell'Informazione
Dottorato: Information technology and electrical engineering
Ciclo di dottorato: 29
Coordinatore del Corso di dottorato:
nomeemail
Riccio, Danieledaniele.riccio@unina.it
Tutor:
nomeemail
Ventre, GiorgioUNSPECIFIED
Date: May 2017
Uncontrolled Keywords: Big Data, Network Security
Settori scientifico-disciplinari del MIUR: Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni
Date Deposited: 08 May 2017 21:31
Last Modified: 08 Mar 2018 13:29
URI: http://www.fedoa.unina.it/id/eprint/11784
DOI: 10.6093/UNINA/FEDOA/11784

Abstract

The Cisco VNI Complete Forecast Highlights clearly states that the Internet traffic is growing in three different directions, Volume, Velocity, and Variety, bringing computer network into the big data era. At the same time, sophisticated network attacks are growing exponentially. Such growth making the existing signature-based security tools, like firewall and traditional intrusion detection systems, ineffective against new kind of attacks or variations of known attacks. In this dissertation, we propose an unsupervised method for network anomaly detection. This method is able to detect unknown and new malicious activities in high-speed network traffic. Our method uses an innovative detection algorithm able to identify the hosts responsible for anomalous flows by using a new statistical feature related to traffic flow. This feature is defined as the ratio between the number of flows generated by a host and the number of flows it receives. We evaluate our method with real backbone traffic traces from the Measurement and Analysis on the WIDE Internet (MAWI) archive. Furthermore, we compare the results of our method with MAWILab archive, a database that assists researchers to evaluate their traffic anomaly detection methods. The results point out that our method achieves an average positive prediction rate (i.e. Precision) of 90\% outperforming the four MAWILab detection methods in terms of false negative rate. We deploy three cluster configurations to evaluate the horizontal and vertical scalability performance of the proposed architecture and our method shows outstanding performance in terms of response time.

Actions (login required)

View Item View Item