Name
Title | ||
|---|---|---|
Spatio-temporal network anomaly detection by assessing deviations of empirical measures |
Abstract | ||
|---|---|---|
We introduce an Internet traffic anomaly detection mechanism based on large deviations results for empirical measures. Using past traffic traces we characterize network traffic during various time-of-day intervals, assuming that it is anomaly-free. We present two different approaches to characterize traffic: (i) a model-free approach based on the method of types and Sanov's theorem, and (ii) a model-based approach modeling traffic using a Markov modulated process. Using these characterizations as a reference we continuously monitor traffic and employ large deviations and decision theory results to "compare" the empirical measure of the monitored traffic with the corresponding reference characterization, thus, identifying traffic anomalies in real-time. Our experimental results show that applying our methodology (even short-lived) anomalies are identified within a small number of observations. Throughout, we compare the two approaches presenting their advantages and disadvantages to identify and classify temporal network anomalies. We also demonstrate how our framework can be used to monitor traffic from multiple network elements in order to identify both spatial and temporal anomalies. We validate our techniques by analyzing real traffic traces with time-stamped anomalies. |
Year | DOI | Venue |
|---|---|---|
2009 | 10.1109/TNET.2008.2001468 | IEEE/ACM Trans. Netw. |
Keywords | Field | DocType |
Telecommunication traffic,Traffic control,Intrusion detection,Decision theory,Power engineering and energy,Systems engineering and theory,Internet,Markov processes,Computerized monitoring,Instruments | Anomaly detection,Data mining,Markov process,Computer science,Network security,Markov chain,Large deviations theory,Empirical measure,Intrusion detection system,Internet traffic | Journal |
Volume | Issue | ISSN |
17 | 3 | 1063-6692 |
Citations | PageRank | References |
33 | 1.58 | 19 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| ioannis ch paschalidis | 1 | 241 | 25.29 |
| Georgios Smaragdakis | 2 | 647 | 44.52 |
| PaschalidisIoannis Ch. | 3 | 189 | 17.38 |