Title
Detectability of traffic anomalies in two adjacent networks
Abstract
Anomaly detection remains a poorly understood area where visual inspection and manual analysis play a significant role in the effectiveness of the detection technique. We observe traffic anomalies in two adjacent networks, namely GEANT and Abilene, in order to determine what parameters impact the detectability and the characteristics of anomalies. We correlate three weeks of traffic and routing data from both networks and apply Kalman filtering to detect anomalies that transit between the two networks. We show that differences in the monitoring infrastructure, network engineering practices, and anomaly-detection parameters have a large impact on anomaly detectability. Through a case study of three specific anomalies, we illustrate the influence of the traffic mix, IP address anonymization, detection methodology, and packet sampling on the detectability of traffic anomalies.
Year
2007
DOI
10.1007/978-3-540-71617-4_3
Venue
PAM
Keywords
adjacent network,ip address anonymization,anomaly detection,detection technique,traffic mix,specific anomaly,parameters impact,detection methodology,anomaly detectability,traffic anomaly,large impact,visual inspection,kalman filter
Field
Network engineering,Traffic mix,Anomaly detection,Data mining,Visual inspection,Ip address,Computer science,Real-time computing,Kalman filter,Packet sampling
DocType
Conference
Volume
4427
ISSN
0302-9743
Citations
14
PageRank
0.83
References
7
Authors
5
Name, Order, Citations, PageRank
Augustin Soule, 1, 584, 35.76
Haakon Ringberg, 2, 97, 5.69
Fernando Silveira, 3, 19, 1.43
Jennifer Rexford, 4, 14378, 1195.34
Christophe Diot, 5, 7831, 590.69