WEKO3
Item
Increasing Reliability in Network Traffic Anomaly Detection
https://ir.soken.ac.jp/records/2686
https://ir.soken.ac.jp/records/2686ce7f41a0-419d-4ae6-9bec-047354defabb
Name / File | License | Action |
---|---|---|
Abstract and examination summary (261.4 kB) | | |
Full text (7.9 MB) | | |
Item type | Thesis or Dissertation(1) |
---|---|
Publication date | 2012-04-02 |
Title | Increasing Reliability in Network Traffic Anomaly Detection |
Title language | en |
Language | eng |
Resource type identifier | http://purl.org/coar/resource_type/c_46ec |
Resource type | thesis |
Author name | FONTUGNE, Romain Thibault |
Furigana | フォンテュニュ, ロマン ティボ |
Author | FONTUGNE, Romain Thibault |
Degree-granting institution | The Graduate University for Advanced Studies (総合研究大学院大学) |
Degree | Doctor (Informatics) |
Diploma number (description type: Other) | 総研大甲第1456号 |
Graduate school | School of Multidisciplinary Sciences |
Department | 17 Department of Informatics |
Date of degree conferral | 2011-09-30 |
Academic year of degree conferral | 2011 |
Abstract (description type: Other) | Network traffic anomalies stand for a large fraction of the Internet traffic and compromise the performance of the network resources. Detecting and diagnosing these threats is a laborious and time-consuming task that network operators face daily. During the last decade researchers have concentrated their efforts on this problem and proposed several tools to automate this task. Thereby, recent advances in anomaly detection have permitted to detect new or unknown anomalies by taking advantage of statistical analysis of the traffic. In spite of the advantages of these detection methods, researchers have reported several common drawbacks discrediting their use in practice. Indeed, the challenge of understanding the relation between the theory underlying these methods and the actual Internet traffic raises several issues. For example, the difficulty of selecting the optimal parameter set for these methods mitigates their performance and prevents network operators from using them. Moreover, due to the lack of ground truth data, approximate evaluations of these detection methods prevent to provide accurate feedback on them and increase their reliability. We address these issues, first, by proposing a pattern-recognition-based detection method that overcomes the common drawbacks of anomaly detectors based on statistical analysis, second, by providing both a benchmark tool that compares the results from diverse detectors and ground truth data obtained by combining several anomaly detectors. The proposed pattern-recognition-based detector takes advantage of image processing techniques to provide intuitive outputs and parameter set. An adaptive mechanism automatically tuning its parameter set according to traffic fluctuations is also proposed. The resulting adaptive anomaly detector is easily usable in practice, performs a high detection rate, and provides intuitive description of the anomalies allowing to identify their root causes.
A benchmark methodology is also developed in order to compare several detectors based on different theoretical background. This methodology allows researchers to accurately identify the differences between the results of diverse detectors. We employ this methodology along with an unsupervised combination strategy to combine the output of four anomaly detectors. Thereby, the combination strategy increases the overall reliability of the combined detectors and it detects two times more anomalies than the best detector. We provide the results of this combination of detectors in the form of ground truth data containing various anomalies during 10 years of traffic. |
Holdings | Available |
Format (description type: Other) | application/pdf |