An orchestration approach for unwanted Internet traffic identification
Authors: Eduardo Feitosa, Eduardo Souto, Djamel H Sadok
Affiliation: 1. Management Information Systems, National Chengchi University, Taipei, Taiwan; 2. Information & Operations Management, ESCP Europe, Paris, France; 3. MSc Big Data & Business Analytics, ESCP Europe, Paris, France; 4. Information Systems and Operations Management, University of Florida, USA; 1. Department of Mathematics and Statistics University of New Hampshire, Durham, New Hampshire, 03824, USA; 2. Département de mathématiques et de statistique, Université de Montréal, Montréal, Québec, Canada
Abstract: A simple examination of Internet traffic shows a wide mix of relevant and unwanted traffic. The latter is becoming increasingly harmful to network performance and service availability, while often consuming precious network and processing resources. Coordinated attacks, such as distributed denial-of-service (DDoS), large-scale scans, and worm outbreaks, occur in multiple networks simultaneously and become extremely difficult to detect using an individual detection engine. This paper presents the specification of a new orchestration-based approach to detect, and, as far as possible, to limit the actions of these coordinated attacks. Core to the proposal is a framework that coordinates the receiving of a multitude of alerts and events from detectors, evaluates this input to detect or prove the existence of anomalies, and consequently chooses the best course of action. This framework is named Orchestration-oriented Anomaly Detection System (OADS). We also describe an OADS prototype implementation of the proposed infrastructure and analyze initial results obtained through experimentation with this prototype.
Keywords:
This article is indexed in ScienceDirect and other databases.