Abstract
The Internet's crucial future role in society makes network monitoring a critical issue for network operators in future network scenarios. The Future Internet will have to cope with new and different anomalies, motivating the development of accurate detection algorithms. This paper presents a novel approach to detecting unexpected and large traffic variations in data networks. We introduce an optimal volume anomaly detection algorithm in which the anomaly-free traffic is treated as a nuisance parameter. The algorithm relies on an original parsimonious model for traffic demands which allows detecting anomalies from link traffic measurements, reducing the overhead of data collection. The performance of the method is compared to that obtained with the Principal Components Analysis (PCA) approach, which we choose as a benchmark given its relevance in the anomaly detection literature. Our proposal is validated using data from an operational network, showing that the method outperforms the PCA approach.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Casas, P., Fillatre, L., Vaton, S., Nikiforov, I. (2009). Volume Anomaly Detection in Data Networks: An Optimal Detection Algorithm vs. the PCA Approach. In: Valadas, R., Salvador, P. (eds) Traffic Management and Traffic Engineering for the Future Internet. FITraMEn 2008. Lecture Notes in Computer Science, vol 5464. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04576-9_7
DOI: https://doi.org/10.1007/978-3-642-04576-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04575-2
Online ISBN: 978-3-642-04576-9
eBook Packages: Computer Science (R0)