Name
Abstract | ||
|---|---|---|
When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to zero. This equilibrium property holds if the flows are nearly independent, and it is violated by traffic changes caused by several, potentially small, correlated flows. Many traffic anomalies (both malicious and benign) fit this description. Based on this observation, we exploit equilibrium to design a computationally simple detection method for correlated anomalous flows. We compare our new method to two well known techniques on three network links. We manually classify the anomalies detected by the three methods, and discover that our method uncovers a different class of anomalies than previous techniques do. |
Year | DOI | Venue |
|---|---|---|
2010 | 10.1145/1851182.1851215 | SIGCOMM |
Keywords | Field | DocType |
anomaly detection,statistical test | Anomaly detection,Data mining,Computer security,Computer science,Exploit,Multiplexing,Statistical hypothesis testing | Conference |
Volume | Issue | ISSN |
40 | 4 | 0146-4833 |
Citations | PageRank | References |
40 | 1.88 | 21 |
Authors | ||
4 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Fernando Silveira | 1 | 41 | 2.23 |
| Christophe Diot | 2 | 7831 | 590.69 |
| Nina Taft | 3 | 2109 | 154.92 |
| ramesh govindan | 4 | 15430 | 2144.86 |