Traffic dispersion graph based anomaly detection

Authors:
Do Quoc Le;Taeyoel Jeong;H. Eduardo Roman;James Won-Ki Hong
Affiliations:
Pohang University of Science and Technology (POSTECH), Korea;Pohang University of Science and Technology (POSTECH), Korea;Pohang University of Science and Technology (POSTECH), Korea;Pohang University of Science and Technology (POSTECH), Korea
Venue:
Proceedings of the Second Symposium on Information and Communication Technology
Year:
2011

Citing 11
Cited 1

Graph-Based Data Mining

IEEE Intelligent Systems
Graph-based anomaly detection

Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining
Eigenspace-based anomaly detection in computer systems

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
A (Sub)Graph Isomorphism Algorithm for Matching Large Graphs

IEEE Transactions on Pattern Analysis and Machine Intelligence
GraphScope: parameter-free mining of large time-evolving graphs

Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining
Orbis: rescaling degree correlations to generate annotated internet topologies

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Network monitoring using traffic dispersion graphs (tdgs)

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Anomaly detection in data represented as graphs

Intelligent Data Analysis
Anomaly detection: A survey

ACM Computing Surveys (CSUR)
Exploiting dynamicity in graph-based traffic analysis: techniques and applications

Proceedings of the 5th international conference on Emerging networking experiments and technologies
Measurement-calibrated graph models for social network experiments

Proceedings of the 19th international conference on World wide web

SigSpot: mining significant anomalous regions from time-evolving networks (abstract only)

SIGMOD '12 Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data

Quantified Score

Hi-index	0.00

Visualization

Abstract

Detecting and diagnosing anomalous traffic are important aspects of managing IP networks. In this paper, we propose a novel approach to detect anomalous network traffic based on graph theory concepts such as degree distribution, maximum degree and dK-2 distance. In this approach, we have used the traffic dispersion graphs (TDG) to model network traffic over time. We analyze differences of TDG graphs in time series to detect anomalies and introduce a method to identify attack patterns in anomalous traffic. The approach has been validated by using network traces from POSTECH and CAIDA.