Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Ranking flows from sampled traffic
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Traffic matrix tracking using Kalman filters
ACM SIGMETRICS Performance Evaluation Review - Special issue on the First ACM SIGMETRICS Workshop on Large Scale Network Inference (LSNI 2005)
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Traffic matrix reloaded: impact of routing changes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Challenging the supremacy of traffic matrices in anomaly detection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
The risk-utility tradeoff for IP address truncation
Proceedings of the 1st ACM workshop on Network data anonymization
A two-layered anomaly detection technique based on multi-modal flow behavior models
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
A signal processing view on packet sampling and anomaly detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
Hi-index | 0.00 |
Anomaly detection remains a poorly understood area where visual inspection and manual analysis play a significant role in the effectiveness of the detection technique. We observe traffic anomalies in two adjacent networks, namely GEANT and Abilene, in order to determine what parameters impact the detectability and the characteristics of anomalies. We correlate three weeks of traffic and routing data from both networks and apply Kalman filtering to detect anomalies that transit between the two networks. We show that differences in the monitoring infrastructure, network engineering practices, and anomaly-detection parameters have a large impact on which anomaly detectability. Through a case study of three specific anomalies, we illustrate the influence of the traffic mix, IP address anonymization, detection methodology, and packet sampling on the detectability of traffic anomalies.