Files in this item



KHAN-THESIS-2017.pdf (application/pdf, 1MB), Restricted Access


Title: Anomaly detection using network metadata
Author(s): Khan, Hassan Shahid
Advisor(s): Caesar, Matthew
Department / Program: Computer Science
Discipline: Computer Science
Degree Granting Institution: University of Illinois at Urbana-Champaign
Subject(s): network verification, network metadata, anomaly detection, network security
Abstract: Networks are traditionally configured manually by operators who can potentially introduce misconfigurations, exposing the network to security risks. Furthermore, as network complexity grows it becomes harder to track anomalous activity in networks, especially for configuration changes which may go unnoticed unless they have an immediate impact on network operation. Existing techniques for detecting anomalies rely on inspecting irregular patterns in network traffic or configuration files. In this work, we present a preliminary framework which utilizes network metadata for detecting anomalies across enterprise networks. Network metadata helps describe properties of a network that may not be expressed by traffic data, and provides an additional metric to evaluate the overall health of a network. Examples of network metadata include software version and interface status for each device in a network. We perform statistical analysis on a combination of network data plane and metadata features in order to detect anomalies as close as possible to the network’s actual behavior. Using a private enterprise dataset, we were able to analyze network metadata to identify anomalous trends which may render a network vulnerable to security threats.
Issue Date: 2017-04-19
Rights Information: Copyright 2017 Hassan Shahid Khan
Date Available in IDEALS: 2019-08-23
Date Deposited: 2017-05
