Advertisement

Detection of Leaps/sLumps in Traffic Volume of Internet Backbone

  • Yutaka Hirokawa
  • Kimihiro Yamamoto
  • Shigeaki Harada
  • Ryoichi Kawahara
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5297)

Abstract

This paper focuses on detecting anomalies in Internet backbone traffic. To monitor traffic on a scale of several terabits per second, we need to divide the time series data of a traffic volume into many slices. Therefore, we need to monitor a lot of traffic data. However, adjusting an appropriate threshold for each traffic time series data individually is difficult. To solve this problem, we propose an anomaly-detection algorithm that does not need parameters to be set for each time series data. This algorithm operates acc-urately with low computational complexity. A side-by-side test demonstrated that the accuracy of the algorithm was higher than that of the conventional method. Moreover, the necessary learning period of the algorithm was shorter than that of the conventional method.

Keywords

Internet backbone traffic volume anomaly detection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bollinger, J.: Bollinger On Bollinger Bands. McGraw-Hill, New York (2001)Google Scholar
  2. 2.
    Brutlag, J.D.: Aberrant Behavior Detection in Time Series for Network Monitoring. In: Proceedings of the USENIX Fourteenth System Administration Conference LISA XIV, New Orleans, LA (December 2000)Google Scholar
  3. 3.
    Barford, P., Kline, J., Plonka, D., Ron, A.: A Signal Analysis of Network Traffic Anomalies. In: Internet Measurement Workshop 2002 (2002)Google Scholar
  4. 4.
    Ishibashi, K., Kawahara, R., Mori, T., Kondoh, T., Asano, S.: Effect of sampling rate and monitoring granuality on anomaly detectability. In: 10th IEEE Global Internet Symposium (2007)Google Scholar
  5. 5.
    Kawahara, R., Mori, T., Kamiyama, N., Harada, S., Asano, S.: A study on detecting network anomalies using sampled flow statistics. In: IEEE SAINT 2007 Workshop (2007)Google Scholar
  6. 6.
  7. 7.
    Oetiker, T.: The rrdtool manual,http://oss.oetiker.ch/rrdtool/
  8. 8.
    Brutlag, J.D.: Notes on RRDTOOL implementation of Aberrant Behavior Detection, http://cricket.sourceforge.net/aberrant/rrd_hw.htm
  9. 9.
    GNU R WWW page, http://www.r-project.org/

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Yutaka Hirokawa
    • 1
  • Kimihiro Yamamoto
    • 1
  • Shigeaki Harada
    • 2
  • Ryoichi Kawahara
    • 2
  1. 1.NTT Information Sharing Platform LaboratoriesTokyoJapan
  2. 2.NTT Service Integration LaboratoriesTokyoJapan

Personalised recommendations