Comparison between divergence measures for anomaly detection of mobile agents in IP networks

Jean Tajer, Mo Adda, Benjamin Aziz

Research output: Contribution to journal › Article › peer-review

Abstract

This paper deals with the detection of SYN flooding attacks, which are the most common type of attack in a Mobile Agent World. We propose a new framework for the detection of flooding attacks by integrating divergence measures over a Sketch data structure. We compare three divergence measures (Hellinger distance, Chi-square and Power divergence) to analyze their detection accuracy. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of the divergence measures to optimize the performance. We conduct a performance analysis over publicly available real IP traces, in a Mobile Agent Network, integrated with flooding attacks. Our experimental results show that Power Divergence outperforms Chi-square divergence and Hellinger distance in network anomaly detection in terms of detection and false alarm.
Original language: English
Journal: International Journal of Wireless & Mobile Networks (IJWMN)
Volume: 9
Issue number: 3
Publication status: Published - 1 Jun 2017

Keywords

  • mobile agents
  • SYN flooding
  • Hellinger distance
  • Chi-square
  • Power Divergence
  • Sketch technique
  • IP networks
