Service and Infrastructure Anomaly Detection (L-ADS and LUCID)

L-ADS (Live Anomaly Detection System) detects anomalies in the network, that is, cyber-attacks, maintenance notifications, and other deviations from normal behaviour. It works by monitoring the traffic entering FogAtlas and flowing among the microservices, and raises alerts about any abnormal situation. It can be integrated with any type of platform.
ATOS has evolved this asset within the DECENTER project. It was initially developed in several cybersecurity EU research projects and has now been improved for Edge, Fog and Cloud systems.
L-ADS is a high-potential asset for cybersecurity environments and has been successfully presented in several workshops and conferences. More information about this asset can be found in the paper “LADS: A Live Anomaly Detection System based on Machine Learning Methods”.

Partner: ATOS

LUCID (Lightweight, Usable CNN in DDoS Detection) is a lightweight Deep Learning-based DDoS detection framework suitable for online resource-constrained environments. It leverages Convolutional Neural Networks (CNNs) to learn the behaviour of DDoS and benign traffic flows with both low processing overhead and low attack detection time. LUCID includes a dataset-agnostic pre-processing mechanism that produces traffic observations consistent with those collected in existing online systems, where the detection algorithms must cope with segments of traffic flows collected over pre-defined time windows.
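
The windowed flow segmentation described above, as an added example that is not code from the LUCID repository: packets are grouped by bidirectional flow inside fixed time windows, and every segment becomes an observation of the same shape. The 1-second window, the 3-packet cap, the two per-packet features and the zero-padding are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample packets (not real traffic):
# (time_ms, src_ip, src_port, dst_ip, dst_port, ip_proto, length_bytes)
PACKETS = [
    (100, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 60),
    (120, "192.0.2.10", 80, "10.0.0.5", 40000, 6, 60),    # reply direction
    (300, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 520),
    (400, "10.0.0.9", 53000, "192.0.2.10", 53, 17, 80),
    (1200, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 1500),
    (1250, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 1500),
    (1300, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 1500),
    (1350, "10.0.0.5", 40000, "192.0.2.10", 80, 6, 1500),
]

def flow_key(pkt):
    """Direction-independent flow id: sorted endpoints plus IP protocol."""
    _, sip, sport, dip, dport, proto, _ = pkt
    a, b = sorted([(sip, sport), (dip, dport)])
    return (a, b, proto)

def segment_flows(packets, window_ms=1000, max_pkts=3):
    """Group packets into (time window, flow) segments of identical shape.

    Assumed for illustration: two features per packet (ms since the
    segment's first packet, length), truncation to max_pkts rows, and
    zero-padding of shorter segments.
    """
    segments = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p[0]):
        segments[(pkt[0] // window_ms, flow_key(pkt))].append(pkt)
    samples = {}
    for seg_id, pkts in segments.items():
        start = pkts[0][0]
        rows = [[p[0] - start, p[6]] for p in pkts[:max_pkts]]
        rows += [[0, 0] for _ in range(max_pkts - len(rows))]
        samples[seg_id] = rows
    return samples

if __name__ == "__main__":
    for (window, key), rows in sorted(segment_flows(PACKETS).items()):
        print(window, key, rows)
```

Because each observation covers only one window of one flow, a detector fed this way never needs the complete flow, which is the online constraint the paragraph describes.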

The source code of LUCID is available at: https://github.com/doriguzzi/lucid-ddos

Partner: FBK