Automatically inferring patterns of resource consumption in network traffic
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Providing public intradomain traffic matrices to the research community
ACM SIGCOMM Computer Communication Review
Internet traffic behavior profiling for network security monitoring
IEEE/ACM Transactions on Networking (TON)
Anomaly extraction in backbone networks using association rules
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Power-Law Distributions in Empirical Data
SIAM Review
Model-based compressive sensing
IEEE Transactions on Information Theory
Histogram-based traffic anomaly detection
IEEE Transactions on Network and Service Management
A Survey on Internet Traffic Identification
IEEE Communications Surveys & Tutorials
Hi-index | 0.00 |
Traffic histograms play a crucial role in various network management applications such as network traffic anomaly detection. However, traffic histogram-based analysis suffers from the curse of dimensionality. To tackle this problem, we propose a novel approach called K-sparse approximation. This approach can drastically reduce the dimensionality of a histogram, while keeping the approximation error low. K-sparse approximation reorders the traffic histogram and uses the top-K coefficients of the reordered histogram to approximate the original histogram. We find that after reordering the widely-used histograms of source port and destination port exhibit a power-law distribution, based on which we establish a relationship between K and the resulting approximation error. Using a set of traces collected from a European network and a regional network, we evaluate our K-sparse approximation and compare it with a well-known entropy-based approach. We find that the power-law property holds for different traces and time intervals. In addition, our results show that K-sparse approximation has a unique property that is lacking in the entropy-based approach. Specifically, K-sparse approximation explicitly exposes a tradeoff between compression level and approximation accuracy, enabling to easily select a desired settlement point between the two objectives.