Detection of Attacks on Internet Access Equipment (Détection d'attaques sur les équipements d'accès à Internet)

Gilles Roudiere 1
1 LAAS-SARA - Équipe Services et Architectures pour Réseaux Avancés
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : Network anomalies, and specifically distributed denial-of-service attacks, are still an important threat to Internet stakeholders. Detecting such anomalies requires dedicated tools that not only perform accurate detection but also meet the several constraints of industrial operation. Such constraints include, amongst others, the ability to run autonomously or to operate on sampled traffic. Unlike supervised or signature-based approaches, unsupervised detection does not require any kind of knowledge database on the monitored traffic. Such approaches rely on an autonomous characterization of the traffic in production. They require the intervention of the network administrator a posteriori, when a deviation from the usual shape of the traffic is detected. The main problem with unsupervised detection lies in the fact that building such a characterization is complex, which might require significant amounts of computing resources. This requirement might be a deterrent, especially when the detection should run on network devices that already have a significant workload. As a consequence, we propose a new unsupervised detection algorithm that aims at reducing the computing power required to run the detection. Its detection focuses on distributed denial-of-service attacks. Its processing is based upon the creation, at a regular interval, of traffic snapshots, which helps the diagnosis of detected anomalies. We evaluate the performance of the detector over two datasets to check its ability to accurately detect anomalies and to operate, in real time, with limited computing resources. We also evaluate its performance over sampled traffic. The results we obtained are compared with those obtained with FastNetMon and UNADA.

Cited literature [99 references]

https://tel.archives-ouvertes.fr/tel-01886092
Contributor : Abes Star
Submitted on : Wednesday, December 12, 2018 - 5:02:05 PM
Last modification on : Thursday, June 10, 2021 - 3:06:12 AM
Long-term archiving on : Wednesday, March 13, 2019 - 3:46:49 PM

File

2018RoudiereGilles.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01886092, version 2

Citation

Gilles Roudiere. Détection d'attaques sur les équipements d'accès à Internet. Intelligence artificielle [cs.AI]. INSA de Toulouse, 2018. Français. ⟨NNT : 2018ISAT0017⟩. ⟨tel-01886092v2⟩

Metrics

  • Record views : 558
  • File downloads : 2938