Abstract |
---|
Traffic anomaly detection has received a lot of attention over recent years, but understanding the nature of these anomalies and identifying the flows involved is still a manual task, in most cases. We introduce Unsupervised Root Cause Analysis (URCA) which isolates anomalous traffic and classifies alarms with minimal manual assistance and high accuracy. URCA proceeds by successive reduction of the anomalous space, eliminating normal traffic based on feedback from the anomaly detection method. Classification is done by clustering a new anomaly with previously labeled events. We validate URCA using manually analyzed real anomalies as well as synthetic anomaly injection. Our validation shows that URCA can accurately diagnose a large range of anomaly types, including network scans, DDoS attacks, and major routing changes. |

Year | DOI | Venue |
---|---|---|
2010 | 10.1109/INFCOM.2010.5462151 | San Diego, CA |

Keywords | Field | DocType |
---|---|---|
telecommunication congestion control, telecommunication security, anomalous space, anomalous traffic isolation, classification, root causes, traffic anomaly detection, unsupervised root cause analysis | Anomaly detection, Denial-of-service attack, Computer science, Root cause analysis, Computer network, Telecommunication security, Classification tree analysis, Cluster analysis, Statistical classification, Communications society | Conference |

ISSN | ISBN | Citations |
---|---|---|
0743-166X | 978-1-4244-5836-3 | 27 |

PageRank | References | Authors |
---|---|---|
1.18 | 16 | 2 |

Name | Order | Citations | PageRank |
---|---|---|---|
Fernando Silveira | 1 | 27 | 1.18 |
Christophe Diot | 2 | 7831 | 590.69 |