The accuracy and granularity of network flow measurement play a critical role in many network management tasks, especially anomaly detection. Despite its importance, traffic monitoring often introduces overhead to the network, so operators have to employ sampling and aggregation to avoid overloading the infrastructure. However, such sampled and aggregated information may affect the accuracy of traffic anomaly detection. In this work, we propose a novel method that performs adaptive zooming in the aggregation of flows to be measured. To better balance the monitoring overhead and the anomaly detection accuracy, we propose a prediction-based algorithm that dynamically changes the granularity of measurement along both the spatial and the temporal dimensions. To control the load on each individual switch, we carefully delegate monitoring rules network-wide. Using real-world data and three simple anomaly detectors, we show that the adaptive counting can detect anomalies more accurately with less overhead.