Crosstalk: A Scalable Cross-Protocol Monitoring System for Anomaly Detection
Key: DHC+10-1
Author: Andrea Di Pietro, Felipe Huici, Diego Costantini, Takahide Sugita, Saverio Niccolini
Date: May 2010
Kind: In proceedings
Book title: Proceedings of the IEEE International Conference on Communications
Keywords: monitoring, cross protocol, anomaly detection
Abstract: Monitoring is crucial both to the correct operation of a network and to the services that run on it. Operators perform monitoring for various purposes, including traffic engineering, quality of service, security and detection of faults and mis-configurations. However, the relentless growth of IP traffic volume renders real-time monitoring and analysis of data a very challenging problem. In this paper we introduce Crosstalk, a scalable and efficient distributed monitoring architecture that uses cross-protocol correlation to detect network anomalies. While applicable to a wide range of applications such as botnet detection, spam mitigation and mis-configurations, we pick a point in this application space, concentrating on VoIP attacks. We present extensive simulation results based both on generated calls and on millions of Call Data Records (CDRs) from a large VoIP operator to show our approach's performance and effectiveness.
View Full paper (PDF) | Download Full paper (PDF)

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.