The LogLog Counting Reversible Sketch: A Distributed Architecture for Detecting Anomalies in Backbone Networks
The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management and many detection techniques, able to promptly reveal and identify network attacks, mainly detecting Heavy Changes (HCs) in the network traffic, have been proposed. Nevertheless, the recent spread of coordinated attacks, that occur in multiple networks simultaneously, makes extremely difficult the detection, using isolated intrusion detection systems that only monitor a limited portion of the Internet. For this reason in this paper, the authors propose a novel distributed architecture that represents a general framework for the detection of network anomalies.