Garofalo, Mauro
(2017)
Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks.
[Tesi di dottorato]
| Tipologia del documento: |
Tesi di dottorato
|
| Lingua: |
English |
| Titolo: |
Big Data Analytics for Flow-based Anomaly Detection in High-Speed Networks |
| Autori: |
| Autore | Email |
|---|
| Garofalo, Mauro | mauro.garofalo@unina.it |
|
| Data: |
Maggio 2017 |
| Istituzione: |
Università degli Studi di Napoli Federico II |
| Dipartimento: |
Ingegneria Elettrica e delle Tecnologie dell'Informazione |
| Dottorato: |
Information technology and electrical engineering |
| Ciclo di dottorato: |
29 |
| Coordinatore del Corso di dottorato: |
| nome | email |
|---|
| Riccio, Daniele | daniele.riccio@unina.it |
|
| Tutor: |
| nome | email |
|---|
| Ventre, Giorgio | [non definito] |
|
| Data: |
Maggio 2017 |
| Parole chiave: |
Big Data, Network Security |
| Settori scientifico-disciplinari del MIUR: |
Area 09 - Ingegneria industriale e dell'informazione > ING-INF/05 - Sistemi di elaborazione delle informazioni |
[error in script]
[error in script]
| Depositato il: |
08 Mag 2017 21:31 |
| Ultima modifica: |
08 Mar 2018 13:29 |
| URI: |
http://www.fedoa.unina.it/id/eprint/11784 |
| DOI: |
10.6093/UNINA/FEDOA/11784 |
Abstract
The Cisco VNI Complete Forecast Highlights clearly states that the Internet traffic is growing in three different directions, Volume, Velocity, and Variety, bringing computer network into the big data era. At the same time, sophisticated network attacks are growing exponentially.
Such growth making the existing signature-based security tools, like firewall and traditional intrusion detection systems, ineffective against new kind of attacks or variations of known attacks. In this dissertation, we propose an unsupervised method for network anomaly detection. This method is able to detect unknown and new malicious activities in high-speed network traffic. Our method uses an innovative detection algorithm able to identify the hosts responsible for anomalous flows by using a new statistical feature related to traffic flow. This feature is defined as the ratio between the number of flows generated by a host and the number of flows it receives. We evaluate our method with real backbone traffic traces from the Measurement and Analysis on the WIDE Internet (MAWI) archive. Furthermore, we compare the results of our method with MAWILab archive, a database that assists researchers to evaluate their traffic anomaly detection methods. The results point out that our method achieves an average positive prediction rate (i.e. Precision) of 90\% outperforming the four MAWILab detection methods in terms of false negative rate. We deploy three cluster configurations to evaluate the horizontal and vertical scalability performance of the proposed architecture and our method shows outstanding performance in terms of response time.
Downloads per month over past year
Actions (login required)
 |
Modifica documento |
