SAMURAI (Traffic Anomaly Detection System)

Technological fields
Information Sharing Platform Technologies
Keyword
  • Traffic Anomaly
  • Traffic Management
  • DDoS Attack
Laboratory organization
NTT Information Sharing Platform Laboratories


In April 2007, a large-scale DDoS* attack hit several websites of the Republic of Estonia's government and financial organizations. The damage was serious enough that those sites were shut down. Furthermore, the number of botnet DDoS attacks used for blackmail, pecuniary corruption and similar purposes is increasing. In view of this situation, NTT Laboratories developed a traffic anomaly detection system called "SAMURAI".

Normally, a traffic anomaly detection system needs to both detect anomalies and analyze them. It is also essential that the system be highly operable. To meet these conditions, we gathered many opinions and much expertise from IP network operators in the NTT Group and used that information to develop SAMURAI. We developed our own method for detecting anomalies from past traffic trends, so complicated parameter adjustment is no longer needed. This also gives a basis for the anomaly decision that is easy to grasp. We also developed a method by which SAMURAI works together with mitigation devices and routing protocols. As a result, with SAMURAI, operators can identify traffic anomalies easily and take the necessary countermeasures without incurring extra operating costs. We verified the effectiveness of SAMURAI in actual network trials. Operators and customers can now confirm the situation promptly and take the necessary countermeasures against anomalous traffic through appropriate instructions on the SAMURAI Web portal.
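The idea of judging current traffic against past trends for the same time slot, with a decision basis an operator can read directly, is sketched below as an added example; it is not SAMURAI's algorithm, which this page does not describe. The median/MAD baseline, the fixed threshold, all function names and the traffic figures are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: inbound Mbps toward one destination,
# four past weeks x six time slots (slot 3 and 4 are the normal daily peak).
HISTORY = [
    [120, 115, 300, 450, 430, 200],
    [118, 110, 310, 470, 440, 210],
    [125, 120, 290, 460, 420, 190],
    [122, 112, 305, 455, 435, 205],
]
CURRENT = [121, 114, 302, 458, 2400, 203]  # constructed: flood in slot 4
THRESHOLD = 5.0  # assumed fixed cutoff in robust deviations, not from the page


def slot_baseline(history, slot):
    """Median and scaled MAD of one time slot across the past weeks."""
    samples = [week[slot] for week in history]
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    # 1.4826 * MAD approximates a standard deviation for normal data;
    # the floor keeps a perfectly flat history from dividing by zero.
    spread = max(1.4826 * mad, 0.01 * med, 1.0)
    return med, spread


def evaluate(history, slot, observed, threshold=THRESHOLD):
    """Score one observation against its own slot's history."""
    med, spread = slot_baseline(history, slot)
    score = (observed - med) / spread
    return {
        "slot": slot,
        "expected": med,
        "score": round(score, 2),
        "anomalous": score > threshold,
        # Human-readable basis for the decision.
        "reason": f"slot {slot}: {observed} Mbps observed, "
                  f"{med} Mbps (+/- {spread:.1f}) usual in past weeks",
    }


def scan(history, current):
    """Return only the slots whose traffic exceeds their learned baseline."""
    results = (evaluate(history, i, v) for i, v in enumerate(current))
    return [r for r in results if r["anomalous"]]


if __name__ == "__main__":
    for alert in scan(HISTORY, CURRENT):
        print(alert["reason"], "score", alert["score"])
```

Because each slot is compared with its own history, 470 Mbps passes at the daily peak but is flagged in a quiet slot, which a single static rate limit cannot express.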

After R&D in our laboratory, the SAMURAI technology was transferred to NTT Communications for their product development by March 2008.

* DDoS: Distributed Denial of Service

Figure: Traffic anomaly detection and mitigation process by SAMURAI