Volume Anomaly Detection in Data Networks: An Optimal Detection Algorithm vs. the PCA Approach

  • Conference paper
Traffic Management and Traffic Engineering for the Future Internet (FITraMEn 2008)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5464)

Abstract

The crucial future role of the Internet in society makes network monitoring a critical issue for network operators in future network scenarios. The Future Internet will have to cope with new and different anomalies, motivating the development of accurate detection algorithms. This paper presents a novel approach to detecting unexpected and large traffic variations in data networks. We introduce an optimal volume anomaly detection algorithm in which the anomaly-free traffic is treated as a nuisance parameter. The algorithm relies on an original parsimonious model for traffic demands which allows anomalies to be detected from link traffic measurements, reducing the overhead of data collection. The performance of the method is compared to that obtained with the Principal Components Analysis (PCA) approach. We choose this method as a benchmark given its relevance in the anomaly detection literature. Our proposal is validated using data from an operational network, showing how the method outperforms the PCA approach.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Casas, P., Fillatre, L., Vaton, S., Nikiforov, I. (2009). Volume Anomaly Detection in Data Networks: An Optimal Detection Algorithm vs. the PCA Approach. In: Valadas, R., Salvador, P. (eds) Traffic Management and Traffic Engineering for the Future Internet. FITraMEn 2008. Lecture Notes in Computer Science, vol 5464. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04576-9_7

  • DOI: https://doi.org/10.1007/978-3-642-04576-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04575-2

  • Online ISBN: 978-3-642-04576-9

  • eBook Packages: Computer Science, Computer Science (R0)
