Detectability of traffic anomalies in two adjacent networks

Authors:
Augustin Soule;Haakon Ringberg;Fernando Silveira;Jennifer Rexford;Christophe Diot
Affiliations:
Thomson Research;Princeton University;Federal University of Rio de Janeiro;Princeton University;Thomson Research
Venue:
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Year:
2007

Citing 7
Cited 4

Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Ranking flows from sampled traffic

CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Traffic matrix tracking using Kalman filters

ACM SIGMETRICS Performance Evaluation Review - Special issue on the First ACM SIGMETRICS Workshop on Large Scale Network Inference (LSNI 2005)
Impact of packet sampling on anomaly detection metrics

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Network anomography

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Traffic matrix reloaded: impact of routing changes

PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement

Challenging the supremacy of traffic matrices in anomaly detection

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
The risk-utility tradeoff for IP address truncation

Proceedings of the 1st ACM workshop on Network data anonymization
A two-layered anomaly detection technique based on multi-modal flow behavior models

PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
A signal processing view on packet sampling and anomaly detection

INFOCOM'10 Proceedings of the 29th conference on Information communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anomaly detection remains a poorly understood area where visual inspection and manual analysis play a significant role in the effectiveness of the detection technique. We observe traffic anomalies in two adjacent networks, namely GEANT and Abilene, in order to determine what parameters impact the detectability and the characteristics of anomalies. We correlate three weeks of traffic and routing data from both networks and apply Kalman filtering to detect anomalies that transit between the two networks. We show that differences in the monitoring infrastructure, network engineering practices, and anomaly-detection parameters have a large impact on which anomaly detectability. Through a case study of three specific anomalies, we illustrate the influence of the traffic mix, IP address anonymization, detection methodology, and packet sampling on the detectability of traffic anomalies.