Distributed, multi-level network anomaly detection for datacentre networks

Iordache, Mircea and Jouet, Simon and Marnerides, Angelos and Pezaros, Dimitrios (2017) Distributed, multi-level network anomaly detection for datacentre networks. In: IEEE International Conference on Communications (ICC) 2017. IEEE, FRA. ISBN 9781467390002

PDF (IEEE_ICC2017_crc)
IEEE_ICC2017_crc.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Abstract

Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, high-speed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost saving through attack path reconstruction. Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at small-to-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.

Item Type: Contribution in Book/Report/Proceedings
Additional Information: ©2017 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
ID Code: 85203
Deposited By:
Deposited On: 10 Mar 2017 13:04
Refereed?: Yes
Published?: Published
Last Modified: 30 Sep 2020 04:02