Unsupervised online anomaly detection in Software Defined Network environments
Authors:
Highlights:
• Traffic features from IP flows are used to detect anomalous events.
• An unsupervised method for detecting DDoS and Portscan attacks.
• Multiple scenarios evaluation with DDoS and Portscan configurations.
• Our proposal handles the trade-off between detection performance and low-latency.
• Our IDS detected all DDoS attacks in the varied scenarios with a short time response.
Keywords: Anomaly detection, Software Defined Networking (SDN), Stream mining, DenStream, DDoS, Portscan
Review history: Received 28 December 2020, Revised 23 October 2021, Accepted 11 November 2021, Available online 4 December 2021, Version of Record 13 December 2021.
Official paper URL: https://doi.org/10.1016/j.eswa.2021.116225