Active Metrology for Anomaly Detection in Internet Traffic
KTH, School of Electrical Engineering (EES).
2016 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The detection of anomalies occurring in a network is of great importance. Networks need to guarantee performance to their users as well as their security. The detection of anomalies needs to be done as quickly as possible to provide an appropriate response to the threat (block the traffic of an attack, bring additional servers to answer a high demand). The thesis answers the question: can the detection of anomalies be done by using active monitoring?

Active monitoring is done by sending probe packets on a network to evaluate the state of the traffic. Active monitoring generates additional traffic on the network. Several metrics can be measured, but not all are interesting for the detection of anomalies.

Several detection methods have been developed over the years, and several categories exist. The supervised and semi-supervised algorithms need labeled data while unsupervised algorithms do not.

The thesis develops a solution using an active tool measuring the available bandwidth of a network and a statistical detection algorithm based on change point detection.

The solution has been tested on a controlled testbed against Denial of Service attacks (DoS) and shows promising results against them, but hasn’t been able to detect network scanning.

Place, publisher, year, edition, pages
2016. , TRITA EE 2016:028 p.
Series
EES Examensarbete / Master Thesis, TRITA EE 2016:028
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-187725
OAI: oai:DiVA.org:kth-187725
DiVA: diva2:931341
Examiners
Available from: 2016-05-27
Created: 2016-05-27
Last updated: 2016-05-27
Bibliographically approved

Open Access in DiVA

fulltext (3289 kB), 63 downloads
File information
File name: FULLTEXT01.pdf
File size: 3289 kB
Checksum SHA-512:
52a7100d9a9b98e4cc290c9cb8f0226f85ced1573d30d500ea777e453f814b35399ccfd7634e3b1c641546fa31ed5c6d8ed1b4ebbb65443d18a0ad86ab0d46e5
Type: fulltext
Mimetype: application/pdf
