Computer Science and Software Engineering

CSSE Seminar Series (CSSESS)

Welcome to the web page describing past, present, and future seminars presented by staff, students, and visitors to the Department of Computer Science and Software Engineering.


View past or future seminars; or view the CSSESS Home Page.

Seminar

Performance Evaluation of the Information Sink in a Multi-Probe Statistical Anomaly Detection System

Speaker: Thomas Zinner.

Institute: University of Würzburg, Germany.

Time/Place: 3:10 pm, Friday, 5 Dec, in Room 031, Erskine Building.

All are welcome.

Abstract

Statistical anomaly detection (SAD) has become an increasingly important tool for the early recognition of potential threats to security-relevant information systems. The basic principle is to monitor the data flow in a network and to extract statistical properties from the traffic measurements. Thus, SAD systems require, firstly, permanent monitoring of network nodes and, secondly, an information processing instance to perform the required computations. Currently, the most common architecture for SAD systems follows the Client/Server design. The network probes, as clients, represent special entities in network nodes or on dedicated machines. These clients send their raw measurements to an information sink, i.e. the server, which processes the data from all network probes. However, this design is prone to bottlenecks at the server. The purpose of SAD systems is to identify network threats and to improve the level of security. Thus, dimensioning of the server's resources in terms of capacity, storage, and computational power is a crucial point, since a degradation of the system's performance and reliability due to congestion reduces the desired quality of security. We present an analysis of processing times and the resource requirements (buffer occupancy) of the information sink, which constitutes the bottleneck of Client/Server-based SAD systems. In order to dimension the system appropriately, we investigate the trade-off between accumulated and distributed arrival patterns, and the impact of the processing phase of the information sink on its performance.

Speaker Biography

Thomas Zinner is a researcher in the Department of Distributed Systems, University of Würzburg, Germany. His current research work is in simulative and analytical performance evaluation. He is active in the European Network of Excellence for the Next Generation Internet (EuroNF) and in the German Information Technology Society (ITG). Furthermore, he has been involved in projects developing a German-wide IT-Malware Detection System and the G-LAB. His research interests are queuing theory, the impact of network parameters (QoS) and security mechanisms on the user perception (QoE), and network virtualization techniques.