Detecting network anomalies in backbone networks

Authors:
Christian Callegari;Loris Gazzarrini;Stefano Giordano;Michele Pagano;Teresa Pepe
Affiliations:
Dept. of Information Engineering, University of Pisa, Italy;Dept. of Information Engineering, University of Pisa, Italy;Dept. of Information Engineering, University of Pisa, Italy;Dept. of Information Engineering, University of Pisa, Italy;Dept. of Information Engineering, University of Pisa, Italy
Venue:
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Year:
2010

Citing 2
Cited 1

Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement

Automatic network intrusion detection: Current techniques and open issues

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management. As it appears clearly, the problem becomes even more challenging when taking into consideration backbone networks that add strict constraints in terms of performance. In recent years, Principal Component Analysis (PCA) has emerged as a very promising technique for detecting a wide variety of network anomalies. PCA is a dimensionality-reduction technique that allows the reduction of the dataset dimensionality (number of variables), while retaining most of the original variability in the data. The set of the original data is projected onto new axes, called Principal Components (PCs). Each PC has the property that it points in the direction of maximum variance remaining in the data, given the variance already accounted for in the preceding components.