Anomaly extraction in backbone networks using association rules
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Automating root-cause analysis of network anomalies using frequent itemset mining
Proceedings of the ACM SIGCOMM 2010 conference
TVi: a visual querying system for network monitoring and anomaly detection
Proceedings of the 8th International Symposium on Visualization for Cyber Security
Improved anomaly detection using block-matching denoising
Computer Communications
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Proceedings of the 2nd International Conference on Application and Theory of Automation in Command and Control Systems
Anomaly extraction in backbone networks using association rules
IEEE/ACM Transactions on Networking (TON)
K-sparse approximation for traffic histogram dimensionality reduction
Proceedings of the 8th International Conference on Network and Service Management
Anomaly detection on ITS data via view association
Proceedings of the ACM SIGKDD Workshop on Outlier Detection and Description
A modular multi-location anonymized traffic monitoring tool for a WiFi network
Proceedings of the 4th ACM conference on Data and application security and privacy
Identifying network anomalies is essential in enterprise and provider networks for diagnosing events, like attacks or failures, that severely impact performance, security, and Service Level Agreements (SLAs). Feature-based anomaly detection models (ab)normal network traffic behavior by analyzing different packet header features, like IP addresses and port numbers. In this work, we describe a new approach to feature-based anomaly detection that constructs histograms of different traffic features, models histogram patterns, and identifies deviations from the created models. We assess the strengths and weaknesses of many design options, like the utility of different features, the construction of feature histograms, the modeling and clustering algorithms, and the detection of deviations. Compared to previous feature-based anomaly detection approaches, our work differs by constructing detailed histogram models, rather than using coarse entropy-based distribution approximations. We evaluate histogram-based anomaly detection and compare it to previous approaches using collected network traffic traces. Our results demonstrate the effectiveness of our technique in identifying a wide range of anomalies. The assessed technical details are generic and, therefore, we expect that the derived insights will be useful for similar future research efforts.