Department of Manufacturing Engineering
June 5, 2007 Security and Wireless Sensor Networking Symposium
Statistical Anomaly Detection in Internet Traffic and Sensor Network Topology
We introduce a novel anomaly detection mechanism able to detect even subtle deviations from typical behavior in arbitrary traffic traces.
Using past traffic traces, we characterize typical behavior during various time-of-day intervals using two different approaches: (i) a model-free approach that takes average traffic values over a certain time duration to be independent and identically distributed, and (ii) a model-based approach modeling traffic using a Markov modulated process. Using these characterizations as a reference, we continuously monitor traffic and employ large deviations and decision theory results to identify “non-typical” behavior. We apply our methodology to Internet traffic traces and to traffic from wireless sensor networks. Because our techniques do not rely on recognizing specific “attack signatures”, they can reliably identify a variety of anomalies and exploits, including intrusions, denial of service, and network failures.
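The following is an added example, not code from the talk or the speaker: one way to instantiate the model-free approach (i), assuming a relative-entropy test in the style of large deviations (Sanov's theorem) on binned per-interval traffic averages. The bin edges, window size, threshold and all traffic values are constructed for illustration.

```python
import math
import random
from collections import Counter

def quantize(x, edges):
    """Bin index of a per-interval traffic average; edges are ascending bin boundaries."""
    return sum(x >= e for e in edges)

def reference_pmf(trace, edges, alpha=1.0):
    """Smoothed distribution of binned values in past 'typical' traffic.
    Laplace smoothing keeps unseen bins from producing an infinite divergence."""
    k = len(edges) + 1
    counts = Counter(quantize(x, edges) for x in trace)
    total = len(trace) + alpha * k
    return [(counts[i] + alpha) / total for i in range(k)]

def relative_entropy(window, ref, edges):
    """D(empirical || ref) in nats for one monitoring window."""
    n = len(window)
    counts = Counter(quantize(x, edges) for x in window)
    return sum((c / n) * math.log((c / n) / ref[i]) for i, c in counts.items())

def detect(trace, ref, edges, n, eta):
    """Start indices of non-overlapping n-sample windows flagged as non-typical.
    Under the i.i.d. assumption, the chance that a typical window exceeds eta
    decays roughly like exp(-n * eta), which is how eta trades off false alarms."""
    return [s for s in range(0, len(trace) - n + 1, n)
            if relative_entropy(trace[s:s + n], ref, edges) > eta]

# Constructed data: values stand for average traffic per short interval.
rng = random.Random(7)
EDGES = [80, 100, 120, 140]          # assumed bin boundaries
N, ETA = 100, 0.2                    # assumed window length and threshold
history = [rng.gauss(100, 15) for _ in range(5000)]   # past typical trace
live = ([rng.gauss(100, 15) for _ in range(400)]      # typical
        + [rng.gauss(130, 15) for _ in range(100)]    # shifted load, no signature
        + [rng.gauss(100, 15) for _ in range(100)])   # typical again
REF = reference_pmf(history, EDGES)
ALARMS = detect(live, REF, EDGES, N, ETA)

if __name__ == "__main__":
    for s in range(0, len(live), N):
        d = relative_entropy(live[s:s + N], REF, EDGES)
        print(f"window@{s:3d}  D={d:.3f}  {'ALARM' if d > ETA else 'ok'}")
```

The detector never sees what the anomaly looks like; it only measures how unlikely the window's empirical distribution is under the reference, which is why no attack signature is required.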
Yannis Paschalidis was born in Athens, Greece, in 1968. He received the Diploma degree in Electrical and Computer Engineering from the National Technical University of Athens, Athens, Greece (1991), and the S.M. and Ph.D. degrees in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology (MIT), Cambridge, Massachusetts, in 1993 and 1996, respectively.
During the summer of 1996 he was a Post-Doctoral Associate at the Laboratory for Information and Decision Systems, MIT, and since September 1996 he has been with Boston University (BU) where he currently is Associate Professor of Manufacturing Engineering. He is a member of the BU operations research and manufacturing systems group and is affiliated with the BU Center for Information and System Engineering (CISE). His current research interests include the analysis and control of stochastic systems, large deviations theory, queueing theory, optimization, pricing, and revenue management. The main application areas he is targeting include communication networks and systems, manufacturing systems, network control systems, supply chains, and distribution systems.
He has received an NSF CAREER award (2000), the second prize in the 1997 George E. Nicholson paper competition by INFORMS, and was an invited participant at the 2002 Frontiers of Engineering Symposium, organized by the National Academy of Engineering. He has served on the program committees of several conferences, including the INFORMS Applied Probability Conference, the IEEE Conference on Decision and Control, and INFOCOM. He is an associate editor of Operations Research Letters and of Automatica.
For more information, please visit Yannis Paschalidis’ personal web page.