Detecting traffic anomalies using an equilibrium property

Authors:
Fernando Silveira;Christophe Diot;Nina Taft;Ramesh Govindan
Affiliations:
Technicolor, Paris, France;Technicolor, Paris, France;Intel Labs Berkeley, Berkeley, CA, USA;University of Southern California, Los Angeles, CA, USA
Venue:
Proceedings of the ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Year:
2010

Citing 1
Cited 0

Cluster processes: a natural language for network traffic

IEEE Transactions on Signal Processing

Quantified Score

Hi-index	0.00

Visualization

Abstract

When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to zero. This equilibrium property holds if the flows are nearly independent, and it is violated by traffic changes caused by several correlated flows. We exploit this empirical property to design a computationally simple anomaly detection method.