“Sketch-Based Attack Detection on Programmable Networks”

From Navigators

Revision as of 14:30, 20 February 2019 by Fvramos (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

João Amado (advised by Fernando Ramos, Miguel Correia)

Master’s thesis, Mestrado em Engenharia Informática e de Computadores, Instituto Superior Técnico, Nov. 2018

Abstract: The implementation of an intrusion detection system deals with two problems. First, the need to obtain up-to-date statistics encompassing various metrics of interest that can range from network traffic information (e.g., network load or latency) to security alerts. Second, the ability to extract relevant knowledge from the aforementioned data. The first problem is usually tackled through real-time network monitoring using low accuracy techniques such as packet sampling, requiring the placement of expensive hardware components in crucial network points in order to improve accuracy. In this thesis we plan to approach this challenge with programmable networking, a new approach to computer networks that separates the data plane from the control plane, enabling the centralization of network control and the execution of applications that direct the configuration of forwarding devices. This new paradigm includes the programmability of forwarding devices, such as switches, and enables the use of sketching algorithms directly in the data plane, that provide summary statistics about packet flows, allowing a more effective network monitoring. We tackle the second problem through unsupervised machine learning techniques that possess the ability to identify a specific behavior without any prior knowledge or training phase, serving as a powerful instrument to detect suspicious patterns. This work will, therefore, propose the design, implementation, and evaluation of a monitoring system using programmable switches that leverages machine learning algorithms to perform network attack detection.

Download paper

Download Sketch-Based Attack Detection on Programmable Networks

Export citation

BibTeX

Project(s): Project:UPVN

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)

Personal tools
Navigators toolbox