Title :
Optimal volume anomaly detection in network traffic flows
Author :
Fillatre, Lionel ; Nikiforov, Igor ; Casas, Pedro ; Vaton, Sandrine
Author_Institution :
LM2S, Univ. de Technol. de Troyes, Troyes, France
Abstract :
Optimal detection of unusual and significant changes in network Origin-Destination (OD) traffic volumes from simple link load measurements is considered in the paper. The ambient traffic, i.e. the OD traffic matrix corresponding to the non-anomalous network state, is unknown and it is considered here as a nuisance parameter because it can mask the anomalies. Since the OD traffic matrix is not recoverable from simple link load measurements, the anomaly detection is an ill-posed decision-making problem. The method proposed in this paper consists of finding a linear parsimonious model of ambient traffic (nuisance parameter) and detecting anomalies by using an invariant detection algorithm based on a separation of the measurement space into disjoint subspaces corresponding to normal and anomalous network traffic. The method´s ability to detect anomalies is evaluated in real traffic from Abilene, a United States backbone network. The theoretically expected results are confirmed.
Keywords :
computer network management; decision making; matrix algebra; telecommunication traffic; OD traffic matrix; ambient traffic; anomalous network traffic; disjoint subspace; ill-posed decision making problem; invariant detection algorithm; linear parsimonious model; link load measurements; measurement space separation; network traffic flow; non-anomalous network state; optimal volume anomaly detection; origin-destination traffic volume; Gravity; Principal component analysis; Signal processing; Splines (mathematics); Testing; Time measurement; Vectors;
Conference_Titel :
Signal Processing Conference, 2008 16th European
Conference_Location :
Lausanne
