CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 11417 > Article
Paper
27 April 2020 A robust principal component analysis approach to DoS-related network anomaly detection
Cody Doucette, Regan Broderick-Sander, Benjamin Toll, Aaron Helsinger, Nathaniel Soule, Partha Pal, Chong Zhou, Randy Paffenroth
Author Affiliations +
Proceedings Volume 11417, Cyber Sensing 2020; 114170B (2020) https://doi.org/10.1117/12.2562774
Event: SPIE Defense + Commercial Sensing, 2020, Online Only
Abstract
Many denial of service attacks target flaws and ill-specified features of network protocol designs and implementations. To most effectively mitigate such DoS attacks, a defense system should be able to detect an anomaly and attribute its root cause to the traffic protocols, features, and source associated with it. The Adaptive Resource Management Enabling Deception (ARMED) approach to these issues, described in previous work, is to push the measurement and analysis of traffic away from service endpoints - and into the network - to facilitate transparent anomaly detection of network protocols before the endpoint is affected. But what tools are available to do the heavy-lifting of analyzing traffic and pinpointing anomalies? This paper describes one such option - Robust Principal Component Analysis (RPCA). We adopted RPCA for use in an ARMED prototype to detect anomalies in real time for a variety of attack vectors. We found such an analysis can be performed within typical CPU and memory constraints of modern servers, and the anomaly detection is general enough to be able to detect both well-known attacks and, in theory, zero-day vulnerabilities in common network protocols.
© (2020) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Cody Doucette, Regan Broderick-Sander, Benjamin Toll, Aaron Helsinger, Nathaniel Soule, Partha Pal, Chong Zhou, and Randy Paffenroth "A robust principal component analysis approach to DoS-related network anomaly detection", Proc. SPIE 11417, Cyber Sensing 2020, 114170B (27 April 2020); https://doi.org/10.1117/12.2562774
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 12 PAGES
DOWNLOAD PAPER SAVE TO MY LIBRARY
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Detection and tracking algorithms
Principal component analysis
Floods
Inspection
Network security
Machine learning
Prototyping
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top