Title :
Anomaly Detection Based on Available Bandwidth Estimation
Author :
He, Li ; Yu, Shunzheng ; Li, Min
Author_Institution :
Dept. of Electron. & Commun. Eng., Sun Yat-sen Univ., Guangzhou
Abstract :
Identifying anomaly detection such as failure and attacks rapidly and accurately over the Internet holds interest of both network operators and researchers. Network behavior analysis (NBA) system is usually disposed over an intranet, passively collects SNMP data or flow data, and uses signature and anomaly mechanisms to identify and analyze interesting network activities, including traffic anomaly. In order to discover the anomalies of networks outside manageable areas, we need to use active probing techniques. In this paper we first present PQLink, a tool that allows end users to accurately measure the available bandwidth (AB) of arbitrary links on a network. PQLink uses a novel probing technique called trains of packet-quartets and only needs a single end point. Then we propose a novel approach for anomaly detection based on PQLink, which keeps monitoring the AB of vital links. Simulations validate the efficiency of PQLink and our anomaly detection approach.
Keywords :
Internet; digital signatures; intranets; protocols; telecommunication links; telecommunication network management; telecommunication security; telecommunication traffic; Internet; PQLink; SNMP data; anomaly detection; arbitrary links; available bandwidth estimation; digital signature; flow data; intranet; network behavior analysis system; network operators; probing technique; traffic anomaly; vital links; Bandwidth; Helium; IP networks; Internet; Monitoring; Parallel processing; Quality of service; Sun; Telecommunication traffic; Traffic control; active measurement; anomaly detection; available bandwidth measurement;
Conference_Titel :
Network and Parallel Computing, 2008. NPC 2008. IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3354-4
DOI :
10.1109/NPC.2008.85
