Paper
27 April 2020 A robust principal component analysis approach to DoS-related network anomaly detection
Abstract
Many denial of service attacks target flaws and ill-specified features of network protocol designs and implementations. To most effectively mitigate such DoS attacks, a defense system should be able to detect an anomaly and attribute its root cause to the traffic protocols, features, and source associated with it. The Adaptive Resource Management Enabling Deception (ARMED) approach to these issues, described in previous work, is to push the measurement and analysis of traffic away from service endpoints - and into the network - to facilitate transparent anomaly detection of network protocols before the endpoint is affected. But what tools are available to do the heavy lifting of analyzing traffic and pinpointing anomalies? This paper describes one such option - Robust Principal Component Analysis (RPCA). We adopted RPCA for use in an ARMED prototype to detect anomalies in real time for a variety of attack vectors. We found such an analysis can be performed within typical CPU and memory constraints of modern servers, and the anomaly detection is general enough to be able to detect both well-known attacks and, in theory, zero-day vulnerabilities in common network protocols.
© (2020) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Cody Doucette, Regan Broderick-Sander, Benjamin Toll, Aaron Helsinger, Nathaniel Soule, Partha Pal, Chong Zhou, and Randy Paffenroth "A robust principal component analysis approach to DoS-related network anomaly detection", Proc. SPIE 11417, Cyber Sensing 2020, 114170B (27 April 2020); https://doi.org/10.1117/12.2562774
KEYWORDS
Detection and tracking algorithms

Principal component analysis

Floods

Inspection

Network security

Machine learning

Prototyping
