Schemes for fault identification in communication networks
IEEE/ACM Transactions on Networking (TON)
Internet service performance failure detection
ACM SIGMETRICS Performance Evaluation Review
Deriving traffic demands for operational IP networks: methodology and experience
IEEE/ACM Transactions on Networking (TON)
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A case study of OSPF behavior in a large enterprise network
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Proactive Network Fault Detection
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Sketch-based change detection: methods, evaluation, and applications
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
IP forwarding anomalies and improving their detection using multiple data sources
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Traffic matrix estimation on a large IP backbone: a comparison on real data
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
A Wavelet Tour of Signal Processing, Third Edition: The Sparse Way
A Wavelet Tour of Signal Processing, Third Edition: The Sparse Way
Traffic matrix reloaded: impact of routing changes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Proactive anomaly detection using distributed intelligent agents
IEEE Network: The Magazine of Global Internetworking
NetScope: traffic engineering for IP networks
IEEE Network: The Magazine of Global Internetworking
Secure distributed data-mining and its application to large-scale network measurements
ACM SIGCOMM Computer Communication Review
NetQuest: a flexible framework for large-scale network measurement
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Robust traffic matrix estimation with imperfect information: making use of multiple data sources
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Data streaming algorithms for estimating entropy of network traffic
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Toward sophisticated detection with distributed triggers
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Journal of Network and Systems Management
Challenging the supremacy of traffic matrices in anomaly detection
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
WebClass: adding rigor to manual labeling of traffic anomalies
ACM SIGCOMM Computer Communication Review
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
Proceedings of the 2007 workshop on Large scale attack defense
Application of autonomic agents for global information grid management and security
Proceedings of the 2007 Summer Computer Simulation Conference
Anomaly Characterization in Flow-Based Traffic Time Series
IPOM '08 Proceedings of the 8th IEEE international workshop on IP Operations and Management
NetQuest: a flexible framework for large-scale network measurement
IEEE/ACM Transactions on Networking (TON)
Troubleshooting chronic conditions in large IP networks
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Inferring undesirable behavior from P2P traffic analysis
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Spatio-temporal network anomaly detection by assessing deviations of empirical measures
IEEE/ACM Transactions on Networking (TON)
Spatio-temporal compressive sensing and internet traffic matrices
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Stealthy poisoning attacks on PCA-based anomaly detectors
ACM SIGMETRICS Performance Evaluation Review
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
The nature of data center traffic: measurements & analysis
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Effective discovery of attacks using entropy of packet dynamics
IEEE Network: The Magazine of Global Internetworking
Detectability of traffic anomalies in two adjacent networks
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Parameterized anomaly detection system with automatic configuration
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Computer Networks: The International Journal of Computer and Telecommunications Networking
ASTUTE: detecting a different class of traffic anomalies
Proceedings of the ACM SIGCOMM 2010 conference
Detecting the performance impact of upgrades in large operational networks
Proceedings of the ACM SIGCOMM 2010 conference
BasisDetect: a model-based network event detection framework
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Network prefix-level traffic profiling: Characterizing, modeling, and evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Reactive Robust Routing: Anomaly Localization and Routing Reconfiguration for Dynamic Networks
Journal of Network and Systems Management
A case study of the accuracy of SNMP measurements
Journal of Electrical and Computer Engineering
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Discovering spatio-temporal causal interactions in traffic data streams
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
P3CA: private anomaly detection across ISP networks
PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
Rapid detection of maintenance induced changes in service performance
Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Tracking low-precision clocks with time-varying drifts using kalman filtering
IEEE/ACM Transactions on Networking (TON)
Structural analysis of network traffic matrix via relaxed principal component pursuit
Computer Networks: The International Journal of Computer and Telecommunications Networking
Spatio-temporal compressive sensing and internet traffic matrices
IEEE/ACM Transactions on Networking (TON)
Robust assessment of changes in cellular networks
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
| Hi-index | 0.00 |
Anomaly detection is a first and important step needed to respond to unexpected problems and to assure high performance and security in IP networks. We introduce a framework and a powerful class of algorithms for network anomography, the problem of inferring network-level anomalies from widely available data aggregates. The framework contains novel algorithms, as well as a recently published approach based on Principal Component Analysis (PCA). Moreover, owing to its clear separation of inference and anomaly detection, the framework opens the door to the creation of whole families of new algorithms. We introduce several such algorithms here, based on ARIMA modeling, the Fourier transform, Wavelets, and Principal Component Analysis. We introduce a new dynamic anomography algorithm, which effectively tracks routing and traffic change, so as to alert with high fidelity on intrinsic changes in network-level traffic, yet not on internal routing changes. An additional benefit of dynamic anomography is that it is robust to missing data, an important operational reality. To the best of our knowledge, this is the first anomography algorithm that can handle routing changes and missing data. To evaluate these algorithms, we used several months of traffic data collected from the Abilene network and from a large Tier-1 ISP network. To compare performance, we use the methodology put forward earlier for the Abilene data set. The findings are encouraging. Among the new algorithms introduced here, we see: high accuracy in detection (few false negatives and few false positives), and high robustness (little performance degradation in the presence of measurement noise, missing data and routing changes).