Anomaly Detection and Processing of Self-Similar Network Traffic Data

Author

Lv, Jun ; Wang, Qinghai ; Li, Tong

Author_Institution

Dept. of Inf. Eng., Acad. of Armored Force Eng., Beijing

fYear

2008

fDate

12-14 Oct. 2008

Firstpage

1

Lastpage

4

Abstract

Anomaly detection of self-similar network traffic data is a difficult problem in network management. Due to network traffic may have the property of long term dependent, it can be approximated with a finite order Euler-Cauchy system based on ARMA (autoregressive moving average). As a result, AR (auto-regressive) model based on time serial analysis theory was used to deal with the problem of self-similar network traffic. On this basis, a wavelet generalized likelihood ratio (WGLR) algorithm was developed for anomaly diagnosis of network traffic with self-similar characteristics. WGLR algorithm combines generalized likelihood ratio (GLR) algorithm and wavelet transform method, and captures the failure point in real time. That will improve the accuracy of anomaly detection. Simulating and experiment results accord with the conclusions suggested in the paper.

Keywords

autoregressive moving average processes; computer network management; telecommunication security; telecommunication traffic; time series; wavelet transforms; anomaly detection; autoregressive moving average; finite order Euler-Cauchy system; network management; self-similar network traffic data; time serial analysis theory; wavelet generalized likelihood ratio algorithm; wavelet transform method; Data engineering; Detection algorithms; Electronic mail; Engineering management; Fault detection; Monitoring; Telecommunication traffic; Testing; Traffic control; Wavelet transforms;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference on

Conference_Location

Dalian

Print_ISBN

978-1-4244-2107-7

Electronic_ISBN

978-1-4244-2108-4

Type

conf

DOI

10.1109/WiCom.2008.1048

Filename

4678956