Title :
Detecting Network-Wide Traffic Anomalies Based on Spatial HMM
Author :
Li, Min ; Yu, Shunzheng ; He, Li
Author_Institution :
Dept. of Electron. & Commun. Eng., Sun Yat-Sen Univ., Guangzhou
Abstract :
In contrast to many techniques exploiting temporal patterns of traffic from a single network element, network-wide traffic analysis mainly focuses on the spatial behavior across the whole network. This paper proposes a spatial hidden Markov model (SHMM) to learn the normal patterns of network-wide traffic. Combined with topology information, SHMM models traffic volumes on links as probabilistic outputs of underlying interactions between routers. Based on a trained SHMM, a nonparametric CUSUM algorithm is used to track the change of entropy of observation sequences in different sliding windows for anomaly detection. Background traffic collected from real network and synthetic anomalies are used for validation of the detection method. The results prove our method effective for network-wide traffic anomaly detection.
Keywords :
Internet; hidden Markov models; security of data; telecommunication network topology; telecommunication traffic; anomaly detection; network-wide traffic analysis; network-wide traffic anomalies; single network element; spatial hidden Markov model; topology information; traffic temporal patterns; traffic volumes; Change detection algorithms; Communication system traffic control; Helium; Hidden Markov models; Network topology; Parallel processing; Pattern analysis; Sun; Telecommunication traffic; Traffic control; HMM; anomaly detection; network-wide;
Conference_Titel :
Network and Parallel Computing, 2008. NPC 2008. IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3354-4
DOI :
10.1109/NPC.2008.89
