Title :
Nine years of observing traffic anomalies: Trending analysis in backbone networks
Author :
Youngjoon Won ; Fontugne, Romain ; Cho, Kun ; Esaki, Hiroshi ; Fukuda, Kenji
Author_Institution :
Hanyang Univ., Seoul, South Korea
Abstract :
We present the longitudinal trending analysis of traffic anomalies on a trans-Pacific backbone network over nine years. Throughout our analysis, we try to answer several questions: how frequently do such anomalies appear and how long do they last? Does a set of anomalous hosts occur correspondingly? We answer these by applying the state-of-the-art anomaly detectors to (un)anonymized packet traces and look into interesting insights from the long-term analysis. The key observations are as follows. The sources of anomalies are decreasing over the recent years, but take a significant portion of traffic volume during the measurement period (i.e., 0.03% of all IP addresses take up to 30% of traffic volume). The frequency analysis reveals that there is a clear periodicity of anomalies and anomalous host occurrences in various durations. Finally, we find the influences of anomaly detectors on the overall trending and how they differ from each other.
Keywords :
Internet; computer network security; telecommunication traffic; Internet traffic; anomalous host occurrences; anomaly detectors; anomaly periodicity; anonymized packet traces; frequency analysis; long-term analysis; longitudinal trending analysis; time 9 year; traffic anomaly; traffic volume; trans-Pacific backbone network; Correlation; Detectors; Grippers; IP networks; Ports (Computers); Principal component analysis; Servers;
Conference_Title :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Conference_Location :
Ghent
Print_ISBN :
978-1-4673-5229-1