Computer network monitoring and abnormal event detection using graph matching and multidimensional scaling

Authors:
H. Bunke;P. Dickinson;A. Humm;Ch. Irniger;M. Kraetzl
Affiliations:
Institut für Informatik und angewandte Mathematik, University of Bern, Bern, Switzerland;Intelligence, Surveillance and Reconnaissance Division, Defence Science and Technology Organisation, Edinburgh, Australia;Institut für Informatik und angewandte Mathematik, University of Bern, Bern, Switzerland;Institut für Informatik und angewandte Mathematik, University of Bern, Bern, Switzerland;Intelligence, Surveillance and Reconnaissance Division, Defence Science and Technology Organisation, Edinburgh, Australia
Venue:
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
Year:
2006

Citing 9
Cited 0

An Algorithm for Subgraph Isomorphism

Journal of the ACM (JACM)
Data clustering: a review

ACM Computing Surveys (CSUR)
Characteristics of network traffic flow anomalies

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
An Approach to Selecting Metrics for Detecting Performance Problems in Information Systems

SMW '96 Proceedings of the 2nd IEEE International Workshop on Systems Management (SMW'96)
Learning Rules for Anomaly Detection of Hostile Network Traffic

ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
A wavelet-based framework for proactive detection of network misconfigurations

Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Alarm clustering for intrusion detection systems in computer networks

MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Signature-Based approach for intrusion detection

MLDM'05 Proceedings of the 4th international conference on Machine Learning and Data Mining in Pattern Recognition
Proactive anomaly detection using distributed intelligent agents

IEEE Network: The Magazine of Global Internetworking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computer network monitoring and abnormal event detection have become important areas of research. In previous work, it has been proposed to represent a computer network as a time series of graphs and to compute the difference, or distance, of consecutive graphs in such a time series. Whenever the distance of two graphs exceeds a given threshold, an abnormal event is reported. In the present paper we go one step further and compute graph distances between all pairs of graphs in a time series. Given these distances, a multidimensional scaling procedure is applied that maps each graph onto a point in the two-dimensional real plane, such that the distances between the graphs are reflected, as closely as possible, in the distances between the points in the two-dimensional plane. In this way the behaviour of a network can be visualised and abnormal events as well as states or clusters of states of the network can be graphically represented. We demonstrate the feasibility of the proposed method by means of synthetically generated graph sequences and data from real computer networks.