An Open Hardware Implementation of CUSUM Based Network Anomaly Detection
The detection of anomalies in backbone networks is posing serious performance issues, not only in terms of accuracy, but also in terms of detection speed. Indeed current software solutions to the problem, even promising from the point of view of detection and false alarm rates, suffer from the inability of performing the required operations in real time, when working in high speed backbone networks. On the other hand, hardware solutions are based on costly and inflexible niche systems. To address such issues, in this paper, the authors propose a system based on a the implementation of a "Classical" CUSUM-based anomaly detection method on an open networking platform accelerator (i.e., NetFPGA).