A Hough-transform-based anomaly detector with an adaptive time interval

Authors:
Romain Fontugne;Kensuke Fukuda
Affiliations:
The Graduate University for Advanced Studies, Tokyo, Japan;National Institute of Informatics, Tokyo, Japan
Venue:
ACM SIGAPP Applied Computing Review
Year:
2011

Citing 13
Cited 1

Use of the Hough transformation to detect lines and curves in pictures

Communications of the ACM
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Sensitivity of PCA for traffic anomaly detection

Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Traffic data repository at the WIDE project

ATEC '00 Proceedings of the annual conference on USENIX Annual Technical Conference
Challenging the supremacy of traffic matrices in anomaly detection

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures

Proceedings of the 2007 workshop on Large scale attack defense
Internet traffic behavior profiling for network security monitoring

IEEE/ACM Transactions on Networking (TON)
Anomaly extraction in backbone networks using association rules

Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
An automatic and dynamic parameter tuning of a statistic-based anomaly detection algorithm

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
URCA: pulling out anomalies by their root causes

INFOCOM'10 Proceedings of the 29th conference on Information communications
ASTUTE: detecting a different class of traffic anomalies

Proceedings of the ACM SIGCOMM 2010 conference
MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking

Proceedings of the 6th International COnference
A Hough-transform-based anomaly detector with an adaptive time interval

Proceedings of the 2011 ACM Symposium on Applied Computing

MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking

Proceedings of the 6th International COnference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Internet traffic anomalies are a serious problem that compromises the availability of optimal network resources. Numerous anomaly detectors have recently been proposed, but maintaining their parameters optimally tuned is a difficult task that discredits their effectiveness for daily usage. This article proposes a new anomaly detection method based on pattern recognition and investigates the relationship between its parameter set and the traffic characteristics. This analysis highlights that constantly achieving a high detection rate requires continuous adjustments to the parameters according to the traffic fluctuations. Therefore, an adaptive time interval mechanism is proposed to enhance the robustness of the detection method to traffic variations. This adaptive anomaly detection method is evaluated by comparing it to three other anomaly detectors using four years of real backbone traffic. The evaluation reveals that the proposed adaptive detection method outperforms the other methods in terms of the true positive and false positive rate.