The design of anomaly detection (AD) methods for network traffic has been intensively investigated by the research community in recent years. However, less attention has been devoted to the issues that eventually arise when deploying such tools in a real operational context. We designed a statistical-based change detection algorithm for identifying deviations in distribution time series. The proposed method has been applied to the analysis of a large dataset from an operational 3G mobile network, with a view to adopting such a tool in production. Our algorithm is designed to cope with the marked non-stationarity and daily/weekly seasonality that characterize the traffic mix in a large public network. Several practical issues emerged during the study, including the need to handle incompleteness of the collected data, the difficulty of drilling down to the cause of certain alarms, and the need for human assistance in resetting the algorithm after a persistent change in network configuration (e.g. a capacity upgrade). We report on our practical experience, highlighting the key lessons learned and the hands-on experience gained from such an analysis. Finally, we propose a novel methodology based on semisynthetic traces for tuning and performance assessment of the proposed AD algorithm. Copyright © 2010 John Wiley & Sons, Ltd.