Computer Networks: The International Journal of Computer and Telecommunications Networking
In this chapter we address the problem of detecting "anomalies" in the global network traffic produced by a large population of end-users. Empirical distributions across users are considered for several traffic variables at different timescales, and the goal is to identify statistically significant deviations from past behavior. The problem is cast into the framework of hypothesis testing. We first address the methodology for dynamically identifying a reference for the null hypothesis ("normal" traffic) that takes into account the typical non-stationarity of real traffic in volume and composition. Then, we illustrate two general distribution-based detection approaches, based on heuristic and formal methods. We also discuss operational criteria for dynamically tuning the detector, so as to track the physiological variation of traffic profiles and of the number of active users. The chapter concludes with an evaluation based on the analysis of a dataset from an operational 3G network, showing in practice the detection of real-world traffic anomalies.