Comparison Between Divergence Measures for Anomaly Detection of Mobile Agents in IP Networks

Abstract

This paper deals with detection of SYN flooding attacks which are the most common type of attacks in a Mobile Agent World. We propose a new framework for the detection of flooding attacks by integrating Divergence measures over Sketch data structure. We compare three divergence measures (Hellinger Distance, Chi-square and Power divergence) to analyze their detection accuracy. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of Divergence Measures to optimize the performance. We conduct performance analysis over publicly available real IP traces, in Mobile Agent Network, integrated with flooding attacks. Our experimental results show that Power Divergence outperforms Chi-square divergence and Hellinger distance in network anomalies detection in terms of detection and false alarm.