

Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets

Spognardi, Angelo; Vitali, Domenico; Mancini, Luigi Vincenzo
2014

Abstract

The analysis of large amounts of traffic data is the daily routine of Autonomous System and ISP operators. The detection of anomalies such as denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks is also one of the main issues for critical services and infrastructures. The suitability of metrics drawn from information theory for detecting DoS and DDoS episodes has been widely analyzed in the past. Unfortunately, their effectiveness is often evaluated on synthetic data sets or, in other cases, on old and unrepresentative data sets, e.g. the DARPA network dump. This paper presents the evaluation, by means of the main metrics proposed in the literature, of a real and large network flow dataset collected from an Italian transit tier II Autonomous System (AS) located in Rome. We show how we effectively detected and analyzed several attacks against Italian critical IT services, some of them also publicly announced. We further report the study of other legitimate and malicious activities that we found by ex-post analysis.
2014
International Conference on E-Business and Telecommunications
Distributed denial-of-service attacks, Information divergence, Relative Entropy, Network security, Autonomous Systems, Internet security, Attack detection
04 Publication in conference proceedings::04b Conference paper in a volume
Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets / Spognardi, Angelo; Villani, Antonio; Vitali, Domenico; Mancini, Luigi Vincenzo; Battistoni, Roberto. - PRINT. - 455:(2014), pp. 192-208. (Paper presented at the International Conference on E-Business and Telecommunications, held in Rome, Italy) [10.1007/978-3-662-44791-8_12].
Files attached to this item
There are no files associated with this item.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/11573/878461
Warning: the data shown have not been validated by the university.

Citations
  • PubMed Central: not available
  • Scopus: 7
  • ISI: 5