Poster: Learning distributions to detect anomalies using all the network traffic
Open access
Date
2023-09
Type
Other Conference Item
ETH Bibliography
yes
Abstract
Anomaly detection is an essential building block of many applications, including DDoS detection, root cause analysis, traffic estimation, and change detection.
A vital part of detecting anomalies is establishing a sense of normality, e.g., by learning distributions for various features from benign traffic.
Learning these distributions in the control plane requires coping with the limited visibility of sampling; learning distributions in the data plane requires relying on simplistic techniques because of hardware constraints.
We propose a novel data- and control-plane co-design for learning distributions:
in the control plane, we search for candidate distributions with Bayesian optimization;
in the data plane, we evaluate how well each distribution matches _all observed_ traffic, without missing rare events.
The aggregated evaluation results are fed back to the control plane to guide the optimization and learn accurate distributions.
Our key insight is that while learning and optimization are infeasible in the data plane, evaluating distributions is feasible and leverages data plane strengths.
We confirm the feasibility of our approach with a preliminary evaluation.
Permanent link
https://doi.org/10.3929/ethz-b-000630781
Publication status
published
Book title
ACM SIGCOMM '23: Proceedings of the ACM SIGCOMM 2023 Conference
Publisher
Association for Computing Machinery
Subject
Machine Learning; Programmable Networks; Network Security
Organisational unit
09477 - Vanbever, Laurent / Vanbever, Laurent
Related publications and datasets
Is supplemented by: https://doi.org/10.3929/ethz-b-000630782
Notes
Poster abstract