Anomaly detection using network metadata

Khan, Hassan Shahid

Permalink

https://hdl.handle.net/2142/105109 Copy

Description

Title

Anomaly detection using network metadata

Author(s)

Khan, Hassan Shahid

Issue Date

2017-04-19

Director of Research (if dissertation) or Advisor (if thesis)

Caesar, Matthew

Department of Study

Computer Science

Discipline

Computer Science

Degree Granting Institution

University of Illinois at Urbana-Champaign

Degree Name

M.S.

Degree Level

Thesis

Keyword(s)

• network verification
• network metadata
• anomaly detection
• security
• network security

Abstract

Networks are traditionally configured manually by operators who can potentially introduce misconfigurations, exposing the network to security risks. Furthermore, as network complexity grows it becomes harder to track anomalous activity in networks, especially for configuration changes which may go unnoticed unless they have an immediate impact on network operation. Existing techniques for detecting anomalies rely on inspecting irregular patterns in network traffic or configuration files. In this work, we present a preliminary framework which utilizes network metadata for detecting anomalies across enterprise networks. Network metadata helps describe properties of a network that may not be expressed by traffic data, and provides an additional metric to evaluate the overall health of a network. Examples of network metadata include software version and interface status for each device in a network. We perform statistical analysis on a combination of network data plane and metadata features in order to detect anomalies as close as possible to the network’s actual behavior. Using a private enterprise dataset, we were able to analyze network metadata to identify anomalous trends which may render a network vulnerable to security threats.

Graduation Semester

2017-05

Type of Resource

text

Permalink

http://hdl.handle.net/2142/105109

Copyright and License Information

Copyright 2017 Hassan Shahid Khan

Owning Collections