Skip to Main content Skip to Navigation

Détection et estimation d'anomalies dans un réseau de communication

Sandy Rahme 1
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : The supervision domain particularly the anomaly detection represents an important aspect of guaranteeing a Quality of Service to communication networks. A wide variety of disruptions designated as anomalies are often related to physical or technical problems such as power or file server failures, abrupt changes caused by legitimate traffic such as network congestion or flash crowds, and risky illegitimate behavior such as Denial-of-Service and Distributed Denial of Service (DoS/DDoS) attacks. We address the problem of anomalies detection and reconstruction in TCP/IP model based on control theory techniques. These anomalies are considered as fault signals in the mathematical model adopted for representing TCP/IP dynamics. For faults detection and according to our knowledge of the faults variations, the observers may be classified into known or unknown input observers. Our first contribution in terms of conceiving known input observers is limited to polynomial forms able to cover a wide range of anomalies. The anomaly and its derivatives are reconstructed by Luenberger observers after introducing them in the state space of the system. The construction of these latter observers is limited in terms of specific anomaly profiles and constrained by the polynomial degree associated to the anomaly. Therefore, another detection approach dealing with completely unknown anomalies is proposed. The sliding modes of first and higher orders are investigated to guarantee finite time convergence and robustness against parametric uncertainties and faults. Our proposals have been studied analytically by validating via Matlab/Simulink and the Network Simulator NS-2. Furthermore, in the context of NS-2, these approaches are integrated into a module for replaying traffic traces in order to test them on a TCP traffic captured in real environment.
Document type :
Complete list of metadatas
Contributor : Arlette Evrard <>
Submitted on : Tuesday, February 7, 2012 - 3:49:43 PM
Last modification on : Friday, January 10, 2020 - 9:10:07 PM
Long-term archiving on: : Wednesday, December 14, 2016 - 5:17:32 AM


  • HAL Id : tel-00667420, version 1


Sandy Rahme. Détection et estimation d'anomalies dans un réseau de communication. Automatique / Robotique. Université Paul Sabatier - Toulouse III, 2011. Français. ⟨tel-00667420⟩



Record views


Files downloads