Return to search

Nonparametric change point detection algorithms and applications in data networks.

Nonparametric change point detection algorithms have been applied in intrusion detection problems and network management. Specifically, applications considering denial of service detection and traffic control are focused in this work. The algorithms studied are inspired by the CUSUM (Cumulative Sum) and SP (Shiryaev-Pollak) parametric procedures. New nonparametric sequential and batch-sequential SP inspired algorithms are introduced and they are compared with existent solutions based on CUSUM procedure in terms of the evolution of the test sequences and the detection threshold using real data containing denial of service attacks with different patterns. The results show that our sequential approach generally has better performance concerning the detection delay and false alarm rate, while our batchsequential approach can decrease the false alarm rate when they are compared to their analogous CUSUM inspired procedures. In terms of traffic control, the Leaky Bucket (LB) algorithm, the most popular traffic regulation mechanism, is proved to be a kind of CUSUM procedure. This new interpretation and the mathematical framework introduced provided a simple compact notation for this algorithm. In addition, it was possible to interpret the Fractal LB (FLB), a traffic regulator developed to deal with self-similar traffic, as a sequential test. A modification in the FLB algorithm is made, resulting in an algorithm with improved performance in terms of number of well-behaved cells marked with lower priority or discarded and punishment of bad-behaved cells. Finally, the self-similarity influence on the nonparametric sequential algorithms under study is analyzed. The consideration of the selfsimilar nature of the traffic plays a crucial role in the performance and thresholds of these algorithms. In this work, it is presented an approach to improve the performance of the nonparametric sequential CUSUM based procedure in the presence of self-similar traffic.

Identiferoai:union.ndltd.org:IBICT/oai:agregador.ibict.br.BDTD_ITA:oai:ita.br:110
Date00 December 2004
CreatorsHellinton Hatsuo Takada
ContributorsAlessandro Anzaloni
PublisherInstituto Tecnológico de Aeronáutica
Source SetsIBICT Brazilian ETDs
LanguageEnglish
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/publishedVersion, info:eu-repo/semantics/masterThesis
Formatapplication/pdf
Sourcereponame:Biblioteca Digital de Teses e Dissertações do ITA, instname:Instituto Tecnológico de Aeronáutica, instacron:ITA
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0024 seconds