The objective of this paper is to describe a new distributed intrusion detection system (IDS) based on the CVSS framework. This new platform uses a wide set of classical IDS and detection entities. This distributed IDS aims to improve the discovery of anomalies by reducing the rate of false positives and false negatives. Entities correlate the different alerts…
ABSTRACT. We are interested in the detection of attacks on the Internet. Our detection procedures rely on non-Gaussian distributions to jointly model the marginal distributions of traffic aggregated at different levels. We then use several statistical distances to quantify a break in this…
RESEARCH INTEREST: Computer networking with emphasis on measurement and analysis of IP networks. Development of statistical methods to classify TCP traffic based on the sizes of the first packet in the connection. Extension to the classification of encrypted traffic. The goal of the Metropolis project was to measure and analyze network performance. The…
We design Distributed Denial of Service (DDoS) detection procedures based on a non-Gaussian modeling of the marginal distributions of aggregated Internet traffic. The theoretical and practical relevance of this modeling is illustrated and discussed. From this modeling, various statistical distances (Mean Quadratic Distance of Kullback Divergence) between…
An anomaly detection procedure based on statistical profiles of sketches of internet traffic is proposed. To validate its statistical performance, measurement campaigns were conducted to collect regular traffic as well as traffic with anomalies, on the Renater network. Anomalies were produced using real-world DDoS tools (tfn2k, trin00). The attacks target…