Title
Anomaly Detection in Network Traffic Based on Statistical Inference and $\alpha$-Stable Modeling
Abstract
This paper proposes a novel method to detect anomalies in network traffic, based on a nonrestricted $\alpha$-stable first-order model and statistical hypothesis testing. To this end, we give statistical evidence that the marginal distribution of real traffic is adequately modeled with $\alpha$-stable functions and classify traffic patterns by means of a Generalized Likelihood Ratio Test (GLRT). The method automatically chooses traffic windows used as a reference, which the traffic window under test is compared with, with no expert intervention needed to that end. We focus on detecting two anomaly types, namely floods and flash-crowds, which have been frequently studied in the literature. Performance of our detection method has been measured through Receiver Operating Characteristic (ROC) curves and results indicate that our method outperforms the closely-related state-of-the-art contribution described in [CHECK END OF SENTENCE]. All experiments use traffic data collected from two routers at our university—a 25,000-student institution—which provide two different levels of traffic aggregation for our tests (traffic at a particular school and the whole university). In addition, the traffic model is tested with publicly available traffic traces. Due to the complexity of $\alpha$-stable distributions, care has been taken in designing appropriate numerical algorithms to deal with the model.
Year: 2011
DOI: 10.1109/TDSC.2011.14
Venue: IEEE Trans. Dependable Sec. Comput.
Keywords: traffic pattern, detection method, traffic data, network traffic, statistical inference, traffic windows, traffic window, alpha-stable modeling, real traffic, traffic aggregation, anomaly detection, available traffic trace, traffic model, computer model, data models, statistical model, mathematical model, statistical models, statistical testing, stable distribution, hypothesis testing, data model, hypothesis test, data collection, data analysis, feature extraction, computational modeling, receiver operator characteristic, roc curve, first order, artificial neural network, artificial neural networks, generalized likelihood ratio test, roc curves, statistical hypothesis testing
Field: Data modeling, Anomaly detection, Data mining, Traffic analysis, Likelihood-ratio test, Computer science, Real-time computing, Artificial intelligence, Statistical inference, Statistical hypothesis testing, Traffic generation model, Statistical model, Machine learning
DocType: Journal
Volume: 8
Issue: 4
ISSN: 1545-5971
Citations: 3
PageRank: 0.41
References: 18
Authors: 6