| Title | Anomaly Detection for Science DMZs Using System Performance Data |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Gegan, Ross, Mao, Christina, Ghosal, Dipak, Bishop, Matt, Peisert, Sean |
| Conference Name | 2020 International Conference on Computing, Networking and Communications (ICNC) |
| Date Published | Feb. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-4905-9 |
| Keywords | anomaly detection, clustering, computer security, data transfer node, DBSCAN, DoS attack, high-performance computing, i-o systems security, machine learning, pubcrawl, Scalability, Science DMZ, scientific workflows, system performance metrics |
| Abstract | Science DMZs are specialized networks that enable large-scale distributed scientific research, providing efficient and guaranteed performance while transferring large amounts of data at high rates. The high-speed performance of a Science DMZ is made viable via data transfer nodes (DTNs), therefore they are a critical point of failure. DTNs are usually monitored with network intrusion detection systems (NIDS). However, NIDS do not consider system performance data, such as network I/O interrupts and context switches, which can also be useful in revealing anomalous system performance potentially arising due to external network based attacks or insider attacks. In this paper, we demonstrate how system performance metrics can be applied towards securing a DTN in a Science DMZ network. Specifically, we evaluate the effectiveness of system performance data in detecting TCP-SYN flood attacks on a DTN using DBSCAN (a density-based clustering algorithm) for anomaly detection. Our results demonstrate that system interrupts and context switches can be used to successfully detect TCP-SYN floods, suggesting that system performance data could be effective in detecting a variety of attacks not easily detected through network monitoring alone. |
| URL | https://ieeexplore.ieee.org/document/9049695/ |
| DOI | 10.1109/ICNC47757.2020.9049695 |
| Citation Key | gegan_anomaly_2020 |
Anomaly Detection for Science DMZs Using System Performance Data