Anomaly Detection Based on Aggregated Network Behavior Metrics

Author

Shen, Gang ; Chen, Dalong ; Qin, Zhongping

Author_Institution

Huazhong Univ. of Sci. & Technol., Wuhan

fYear

2007

fDate

21-25 Sept. 2007

Firstpage

2210

Lastpage

2213

Abstract

Network measurement is important to many network management tasks, including traffic anomaly detection. Aggregating packet header information is an effective and efficient way to collect network traffic statistics. We propose a set of aggregated network metrics that may be used to characterize the overall network behaviors. These metrics are generated from packet header based statistics and are stable to normal traffic while sensitive to anomaly. We further apply principal components analysis and information gain analysis to reduce data size. It is evaluated by experiments that the proposed detection system may generate satisfactory classification of network traffic.

Keywords

principal component analysis; telecommunication network management; telecommunication security; telecommunication traffic; aggregated network behavior metrics; aggregated network metrics; information gain analysis; network management; network measurement; network traffic statistics; packet header information; packet header-based statistics; principal components analysis; traffic anomaly detection; Data analysis; Floods; Information analysis; Monitoring; Principal component analysis; Sampling methods; Statistics; Technology management; Telecommunication traffic; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications, Networking and Mobile Computing, 2007. WiCom 2007. International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4244-1311-9

Type

conf

DOI

10.1109/WICOM.2007.551

Filename

4340326