Distributed Network Anomaly Detection on an Event Processing Framework

Pamukchiev, A., Jouet, S. and Pezaros, D. P. (2017) Distributed Network Anomaly Detection on an Event Processing Framework. In: IEEE Consumer Communications and Networking Conference 2017, Las Vegas, NV, USA, 8-11 Jan 2017, pp. 659-664. ISBN 9781509061969 (doi: 10.1109/CCNC.2017.7983209)

Network Intrusion Detection Systems (NIDS) are an integral part of modern data centres to ensure high availability and compliance with Service Level Agreements (SLAs). Currently, NIDS are deployed on high-performance, high-cost middleboxes, each responsible for monitoring a limited section of the network. The rapidly increasing size and aggregate throughput of modern data centre networks challenge this approach to anomaly detection, which must keep pace with a fast-growing compute demand. In this paper, we propose a novel approach to distributed intrusion detection systems based on the architecture of recently proposed event processing frameworks. We have designed and implemented a prototype system using Apache Storm to show the benefits of the proposed approach as well as the architectural differences from traditional systems. Our system distributes detection modules across the available devices within the network fabric and uses a centralised controller for orchestration, management and correlation. Following the Software Defined Networking (SDN) paradigm, the controller maintains a complete view of the network but distributes the processing logic for quick event processing, while performing complex event correlation centrally. We have evaluated the proposed system using publicly available data centre traces and demonstrated that it scales with the network topology while providing high performance and minimal impact on packet latency.

Item Type: Conference Proceedings
Glasgow Author(s) Enlighten ID: Pezaros, Professor Dimitrios and Jouet, Mr Simon
Authors: Pamukchiev, A., Jouet, S., and Pezaros, D. P.
College/School: College of Science and Engineering > School of Computing Science
Journal Name: Proceedings of IEEE CCNC 2017
Copyright Holders: Copyright © 2017 IEEE
Publisher Policy: Reproduced in accordance with the copyright policy of the publisher


| Project Code | Award No | Project Name | Principal Investigator | Funder's Name | Funder Ref | Lead Dept |
|---|---|---|---|---|---|---|
| 643481 | | A Situation-aware information infrastructure | Dimitrios Pezaros | Engineering & Physical Sciences Research Council (EPSRC) | EP/L026015/1 | COM - COMPUTING SCIENCE |
| 709131 | | Network Measurement as a Service (MaaS) | Dimitrios Pezaros | Engineering & Physical Sciences Research Council (EPSRC) | EP/N033957/1 | COM - COMPUTING SCIENCE |
| 608831 | | IMC2: Instrumentation, Measurement and Control for the Cloud | Dimitrios Pezaros | Engineering & Physical Sciences Research Council (EPSRC) | EP/L005255/1 | COM - COMPUTING SCIENCE |