Senatus - Implementation and Performance Evaluation
Abstract
Traffic anomaly detection in backbone networks has received increased attention from the research community in recent years. A variety of techniques and implementations have been proposed in this area, some of which have become commercial products. However, studies have revealed that these products are hardly used, mainly because of high false-positive rates and the fact that manual inspection of alarms is a time-consuming task for the network administrator.

Senatus is a technique for combined anomaly detection and root-cause analysis, recently proposed by Atef Abdelkefi. In this thesis, we provide a complete high-performance implementation of Senatus, including a web dashboard with an overview of anomalies and the possibility for manual fine-tuning of parameters. Furthermore, we have verified Senatus's performance by comparing it with an implementation of a well-known histogram-based anomaly detection technique.

Our results show that Senatus performs very well at detecting scans, and that it matches the histogram-based anomaly detector for Denial of Service attacks.