WO2007006994A3 - Static detection of anomalies in traffic concerning a service entity - Google Patents

Publication number
WO2007006994A3
Authority
WO
WIPO (PCT)
Prior art keywords
anomalies
module
traffic
evaluation
volume
Application number
PCT/FR2006/050669
Other languages
French (fr)
Other versions
WO2007006994A2 (en)
Inventor
Herve Sibert
Emmanuel Besson
Aline Gouget
Original Assignee
France Telecom
Herve Sibert
Emmanuel Besson
Aline Gouget
Application filed by France Telecom, Herve Sibert, Emmanuel Besson, Aline Gouget

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/1458: Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention concerns a device for fast detection of anomalies in the traffic (LT) concerning at least one service entity (SE) following a denial-of-service attack by flooding. A module (MOD) provides a model of the normal activity of the entity through models of volume components of the traffic. Each model comprises a period of validity, statistical values and a conformity threshold dependent on the statistical values. For at least one evaluation of a volume component at a later date, a module (DET) determines a deviation of the volume component relative to the model of that volume component whose period of validity includes the evaluation date. A module (ALE) determines a global alarm value based on the deviations of the evaluated volume components and signals abnormal activity if the global alarm value exceeds a predetermined alarm value.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0552098 2005-07-07
FR0552098A FR2888438A1 (en) 2005-07-07 2005-07-07 STATIC DETECTION OF ANOMALIES IN TRAFFIC RELATING TO A SERVICE ENTITY

Publications (2)

Publication Number Publication Date
WO2007006994A2 (en) 2007-01-18
WO2007006994A3 (en) 2007-03-22

Family

ID=36143744

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2006/050669 WO2007006994A2 (en) 2005-07-07 2006-07-04 Static detection of anomalies in traffic concerning a service entity

Country Status (2)

Country Link
FR (1) FR2888438A1 (en)
WO (1) WO2007006994A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8887281B2 (en) 2002-01-25 2014-11-11 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusion in computer systems
US8931094B2 (en) 2001-08-16 2015-01-06 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7424619B1 (en) * 2001-10-11 2008-09-09 The Trustees Of Columbia University In The City Of New York System and methods for anomaly detection and adaptive learning
US8544087B1 (en) 2001-12-14 2013-09-24 The Trustess Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050125195A1 (en) * 2001-12-21 2005-06-09 Juergen Brendel Method, apparatus and sofware for network traffic management

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
LAZAREVIC, A., ERTOZ, L., OZGUR, A, SRIVASTAVA, J., KUMAR, V.: "A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection", PROCEEDINGS OF THIRD SIAM CONFERENCE ON DATA MINING, SAN FRANCISCO, 1 March 2003 (2003-03-01), XP002379529, Retrieved from the Internet <URL:http://www.cs.umn.edu/research/minds/papers/siam2003.pdf> [retrieved on 20060503] *
NONG YE ET AL: "An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems", QUALITY AND RELIABILITY ENGINEERING INTERNATIONAL WILEY UK, vol. 17, no. 2, March 2001 (2001-03-01), pages 105 - 112, XP002379530, ISSN: 0748-8017, Retrieved from the Internet <URL:http://www3.http://www3.interscience.wiley.com/cgi-bin/abstract/78003294/ABSTRACT?CRETRY=1&SRETRY=0> [retrieved on 20060503] *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8931094B2 (en) 2001-08-16 2015-01-06 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US8887281B2 (en) 2002-01-25 2014-11-11 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusion in computer systems
US8893273B2 (en) 2002-01-25 2014-11-18 The Trustees Of Columbia University In The City Of New York Systems and methods for adaptive model generation for detecting intrusions in computer systems
US9497203B2 (en) 2002-01-25 2016-11-15 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusion in computer systems

Also Published As

Publication number Publication date
FR2888438A1 (en) 2007-01-12
WO2007006994A2 (en) 2007-01-18

Legal Events

Date Code Title Description
NENP Non-entry into the national phase. Ref country code: DE
WWW WIPO information: withdrawn in national office. Country of ref document: DE
122 EP: PCT application non-entry in European phase. Ref document number: 06779010; Country of ref document: EP; Kind code of ref document: A2