“Sketch-Based Attack Detection on Programmable Networks”

Latest revision as of 14:30, 20 February 2019

João Amado (advised by Fernando Ramos, Miguel Correia)

Master’s thesis, Mestrado em Engenharia Informática e de Computadores, Instituto Superior Técnico, Nov. 2018

Abstract: The implementation of an intrusion detection system deals with two problems. First, the need to obtain up-to-date statistics encompassing various metrics of interest that can range from network traffic information (e.g., network load or latency) to security alerts. Second, the ability to extract relevant knowledge from the aforementioned data. The first problem is usually tackled through real-time network monitoring using low-accuracy techniques such as packet sampling, requiring the placement of expensive hardware components in crucial network points in order to improve accuracy. In this thesis we plan to approach this challenge with programmable networking, a new approach to computer networks that separates the data plane from the control plane, enabling the centralization of network control and the execution of applications that direct the configuration of forwarding devices. This new paradigm includes the programmability of forwarding devices, such as switches, and enables the use of sketching algorithms directly in the data plane, which provide summary statistics about packet flows, allowing more effective network monitoring. We tackle the second problem through unsupervised machine learning techniques that possess the ability to identify a specific behavior without any prior knowledge or training phase, serving as a powerful instrument to detect suspicious patterns. This work will, therefore, propose the design, implementation, and evaluation of a monitoring system using programmable switches that leverages machine learning algorithms to perform network attack detection.

Project(s): Project:UPVN

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
