Active Metrology for Anomaly Detection in Internet Traffic
KTH, School of Electrical Engineering (EES).
2016 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The detection of anomalies occurring in a network is of great importance. Networks need to guarantee their users both performance and security. Anomalies need to be detected as quickly as possible so that an appropriate response to the threat can be provided (for example, blocking the traffic of an attack or bringing up additional servers to answer a high demand). The thesis answers the question: can the detection of anomalies be done by using active monitoring?

Active monitoring is done by sending probe packets on a network to evaluate the state of the traffic. Active monitoring generates additional traffic on the network. Several metrics can be measured, but not all of them are of interest for the detection of anomalies.

Several detection methods have been developed over the years, and several categories exist. The supervised and semi-supervised algorithms need labeled data while unsupervised algorithms do not.

The thesis develops a solution using an active tool measuring the available bandwidth of a network and a statistical detection algorithm based on change point detection.

The solution has been tested on a controlled testbed against Denial of Service (DoS) attacks and shows promising results against them, but it has not been able to detect network scanning.

Place, publisher, year, edition, pages
2016. , TRITA EE 2016:028 p.
EES Examensarbete / Master Thesis, TRITA EE 2016:028
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-187725
OAI: diva2:931341
Available from: 2016-05-27. Created: 2016-05-27. Last updated: 2016-05-27. Bibliographically approved.

Open Access in DiVA

fulltext (3289 kB), 24 downloads
File information
File name: FULLTEXT01.pdf. File size: 3289 kB. Checksum: SHA-512.
Type: fulltext. Mimetype: application/pdf.
