Keerthan Kumar A - 2022 Poster Contest Resources


Keerthan Kumar is a 3rd-year Computer Science undergraduate student at RV College of Engineering.

Poster Abstract

Due to advancements in Internet technologies and the concomitant rise in the number of network attacks, network intrusion detection has become a significant research issue. An intrusion is an attempt to access or manipulate information, or to render a system unreliable. A DDoS attack is a malicious attempt to render a system unusable by sending it a large number of requests; this volume of requests translates into very high network traffic at the server. DDoS attacks can be devastating to any company or organization. Cloudflare saw a recent attack (June 2022) that peaked at around 26 million requests per second. Such packets arrive from many different sources, so the origin is difficult to trace. This recent attack, named Mantis, is the largest-scale attack seen to date.

The objectives of this project are:

  1. Using a sample topology and generating normal data flow between nodes using SDN
  2. Capturing packet information and feeding it into a database
  3. Transforming and normalizing the data
  4. Using time-series forecasting algorithms for prediction
  5. Assigning a score to each detected anomaly

Here are some details about the methodology used in this project.

We establish a normal profile from the incoming data, so that when a point falls outside this normal profile we can flag it as an anomaly. Since we cannot be 100 percent certain, we give each point a score based on how far it falls from the normal profile: a higher score means a higher chance that the point is an anomaly, and a lower score means a lower chance.

When an attack happens, it arrives at a very high rate. In Cloudflare's recent attack, the peak was around 26M requests per second. A server receives such packets within a single second, and the analysis of those packets has to be done using machine learning; the larger the volume, the more intensive the work the model has to do. Time-series forecasting algorithms such as ARIMA will be used with a sliding-window approach to forecast future data. Given a very large topology (which is usually the case), large amounts of data flow through the network. To analyze this flow, we intend to use HPCC Systems. By integrating our model into HPCC Systems, we will be able to train and predict faster.
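The following is an added illustration of the normal-profile scoring and sliding-window forecasting described above; it is not code from the poster. It stands in an AR(1) model (the simplest member of the ARIMA family) for the forecaster, scores each observed packet rate by how many residual standard deviations it sits from the forecast, and feeds a constructed per-second packet-count series (benign traffic, one flood second, benign traffic) through it. The window size, threshold and sample values are assumptions for the example.

```python
"""Sliding-window forecast + anomaly score for per-second packet counts.

Added example (not the poster's code): an AR(1) model is refit by least
squares over a sliding window of recent "normal" rates, the next rate is
forecast, and the observed rate is scored by how many residual standard
deviations it sits from the forecast. Points scoring above the threshold
are flagged and kept out of the normal profile, so one flood second does
not distort the forecasts that follow it.
"""
from statistics import mean, pstdev

def ar1_fit(window):
    """Least-squares fit of x[t] = a + b * x[t-1] over the window -> (a, b)."""
    xs, ys = window[:-1], window[1:]
    mx, my = mean(xs), mean(ys)
    var = sum((x - mx) ** 2 for x in xs)
    b = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / var if var else 0.0
    return my - b * mx, b

def anomaly_scores(series, window=10, threshold=5.0):
    """Return (t, forecast, score) for each point after the warm-up window.

    The first `window` points are assumed attack-free and seed the normal
    profile; later points join the profile only when they look normal.
    """
    profile = list(series[:window])
    results = []
    for t in range(window, len(series)):
        win = profile[-window:]
        a, b = ar1_fit(win)
        forecast = a + b * win[-1]
        # In-window residuals calibrate what a "normal" forecast error looks like.
        resid = [y - (a + b * x) for x, y in zip(win[:-1], win[1:])]
        sd = pstdev(resid) or 1.0          # guard: a flat window has zero spread
        score = abs(series[t] - forecast) / sd
        results.append((t, forecast, score))
        if score < threshold:
            profile.append(series[t])
    return results

def flagged(series, window=10, threshold=5.0):
    """Indices whose score reaches the threshold (the anomalies to report)."""
    return [t for t, _, s in anomaly_scores(series, window, threshold) if s >= threshold]

# Constructed sample: ~100 packets/s of benign traffic, a one-second flood
# of 5000 packets/s at index 20, then benign traffic again.
BENIGN = [98, 102, 100, 101, 99, 100, 103, 97, 100, 101]
SAMPLE = BENIGN * 2 + [5000] + BENIGN

if __name__ == "__main__":
    for t, fc, s in anomaly_scores(SAMPLE):
        print(f"t={t:2d} observed={SAMPLE[t]:5d} forecast={fc:8.1f} score={s:8.1f}")
    print("flagged:", flagged(SAMPLE))
```

Excluding flagged points from the profile is what keeps the post-flood seconds from scoring as anomalies themselves; without it the 5000 sample would dominate the fit for the next `window` steps.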

Presentation

In this video recording, Keerthan provides a tour and explanation of his poster content.

Real-time Network Anomaly Detection System for Software Defined Networks using HPCC Systems

