Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets | IIT - CNR - Istituto di Informatica e Telematica

Large-Scale Traffic Anomaly Detection: Analysis of Real Netflow Datasets

The analysis of large amounts of traffic data is the daily routine of Autonomous System and ISP operators. The detection of anomalies like denial-of-service (DoS) or distributed denial-of-service (DDoS) is also one of the main issues for critical services and infrastructures. The suitability of metrics coming from information theory for detecting DoS and DDoS episodes has been widely analyzed in the past. Unfortunately, their effectiveness is often evaluated on synthetic data sets or, in other cases, on old and unrepresentative data sets, e.g. the DARPA network dump. This paper presents the evaluation, by means of the main metrics proposed in the literature, of a real and large network flow dataset, collected from an Italian transit tier II Autonomous System (AS) located in Rome. We show how we effectively detected and analyzed several attacks against Italian critical IT services, some of them also publicly announced. We further report the study of other legitimate and malicious activities we found by ex-post analysis.


E-Business and Telecommunications, Communications in Computer and Information Science, 2014

External authors: Antonio Villani (Department of Mathematics, Università Roma Tre. L. San Leonardo Murialdo 1 – 00146 Rome – Italy), Domenico Vitali (Computer Science Department, Sapienza Università di Roma. a Via Salaria 113 – 00198 Rome – Italy), Luigi V. Mancini (Computer Science Department, Sapienza Università di Roma. a Via Salaria 113 – 00198 Rome – Italy), Roberto Battistoni ()
IIT authors:

Angelo Spognardi


Type: Articles in non-ISI journals with international referees
Discipline area: Information Technology and Communication Systems
From page 192 to page 208

Activity: Architectures, protocols and security mechanisms for distributed systems and services