Network anomaly diagnosis via statistical analysis and evidential reasoning

IEEE Transactions on Network and Service Management

Volumn 5, Issue 2, 2008, Pages 65-77

  Samaan, Nancy ^a   Karmouch, Ahmed ^a  

^a UNIVERSITY OF OTTAWA   (Canada)

Author keywords

Anomaly detection; Dempster Shafer theory; Network management

Indexed keywords

ADMINISTRATIVE DATA PROCESSING; DATA FUSION; FORMAL LOGIC; MANAGEMENT INFORMATION SYSTEMS; METROPOLITAN AREA NETWORKS; SENSOR DATA FUSION; STATISTICAL METHODS;

ANOMALY DETECTION; DEMPSTER RULES; DEMPSTER-SHAFER THEORY; EVIDENTIAL REASONINGS; NETWORK ANOMALIES; NETWORK FAILURES; NETWORK MONITORING; NEW APPROACHES; PERFORMANCE ANALYSES; REAL DATUMS; STATISTICAL ANALYSIS; TRAINING SETS;

NETWORK MANAGEMENT;

EID: 57749203346     PISSN: 19324537     EISSN: None     Source Type: Journal    
DOI: 10.1109/TNSM.2008.021103     Document Type: Article

References (43)

1. J. D. Case, M. Fedor, M. L. Schoffstall and C. Davin, "Simple network mangement protocol (SNMP). RFC l 157/STD00 15, May 1990".
2. S. Waldbusser, "Remote network monitoring management information base. WC28 19/STDOO59", May 2000".
3. Cisco Corporation, "Netflow services and applications. http:// www.cisco.com/, 2000".
4. Gianluca Iannaccone, "CoMo: An open infrastructure for network monitoring: Research Agenda", Technical report, Intel Research, February 2005.
5. C. Cranor, T. Johnson, O. Spatscheck and V. Shkapenyuk, "Gigascope: A stream database for network applications", in ACM SIGMOD, page 647-651, 2003.
6. E. Tang, Y. Al-Shaer and R. Boutaba, "Active Integrated Fault localization in communication networks", in IFIP/IEEE International Symposium on Integrated Network Management (IM'2005), May 2005.
7. P. Barford, J. Kline, D. Plonka and A. Ron, "A signal analysis of network traffic anomalies", in ACM SIGCOMM Internet Measurement Workshop, (Marseilles, France), Nov. 2002.
8. Anukool Lakhina, Mark Crovella and Christophe Diot, "Diagnosing network-wide traffic anomalies", SIGCOMM Comput. Commun. Rev. 4, 4, pp. 219-230, Aug. 2004.
9. J. D. Brutlag, "Aberrant behavior detection and control in time series for network monitoring", in 14th Systems Administration Conference (LISA 2000), (New Orleans, LA, USA), USENIX, Dec. 2000.
10. M. Thottan and C. Ji, "Anomaly detection in IP Networks", IEEE Trans. on Signal Processing, vol. 51, n. 8, pp. 2191- 2204, Aug. 2003.
11. G. Shafer, A Mathematical theory of evidence, ch. 3, Princeton Universal Press, 1975.
12. K. Yamanishi and J. Takeuchi, "A unifying framework for detecting outliers and change points from non-stationary time series data", in KDD '02: Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp. 676-681, New York, NY, USA, 2002.
13. T. Denoeux, "A k-nearest neighbor classification rule based on Dempster-Shafer theory", IEEE Transactions on Systems, Man and Cybernetics, vol. 25, n. 5, pp. 804 - 813, May 1995.
14. L. Huang, X. Nguyen, M. Garofalakis, J. Hellerstein, A. Joseph, M. Jordan and L. Taft, "Communication-Efficient Online Detection of Network-Wide Anomalies", in 26th Annual IEEE Conference on Computer Communications (INFOCOM'07), Anchorage, Alaska, May, 2007.
15. X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone and A. Lakhina, "Detection and identification of network anomalies using sketch subspaces", Proceedings of the 6th ACM SIGCOMM on Internet measurement, pp. 147-152, 2006.
16. M. Mandjes, I. Saniee and A.L. Stolyar, "Load characterization and anomaly detection for voice over IP traffic", Neural Networks, IEEE Transactions on, vol. 16, n. 5, pp. 1019-1026, Sept. 2005.
17. G. Androulidakis and S. Papavassiliou, "Intelligent Flow-Based Sampling for Effective Network Anomaly Detection", Global Telecommunications Conference, 2007. GLOBECOM'07. IEEE, pp. 1948-1953, 2007.
18. A. Lakhina, M. Crovella and Mark. Diot, "Characterization of network-wide anomalies in traffic flows", in IMC '04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, pp. 201-206, New York, NY, USA, 2004, ACM Press.
19. Anukool Lakhina, Mark Crovella and Christophe Diot, "Mining anomalies using traffic feature distributions", in SIGCOMM '05: Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, pp. 217-228, 2005.
20. A. Ziviani, A. Gomes, M. Monsores and P. Rodrigues, "Network anomaly detection using nonextensive entropy", Communications Letters, IEEE vol. 11, n. 12, pp. 1034-1036, December 2007.
21. A. Patcha and J. Park, "An overview of anomaly detection techniques: Existing solutions and latest technological trends", Computer Networks, vol. 51, n. 12, pp. 3448-3470, Aug. 2007.
22. J. Liebowitz, Expert System Applications to Telecommunications, John Wiley and Sons, New York, NY, USA, 1988.
23. Y. A. Nygate, "Event correlation using rule and object based techniques", in IFIP/IEEE Int. Symp. on Integrated Network Management IV, pp. 278-289, 1995.
24. M. S. Kim, H. J. Kang, S. H. Hung, S. C. Chung and J. W. Hong, "A Flow-based Method for Abnormal Network Traffic Detection", in IEEE/IFIP Network Operations and Management Symposium, Seoul, Apr. 2004.
25. C. Manikopoulos and S. Papavassiliou, "Network intrusion and fault detection: A statistical anomaly approach", IEEE Communications Magazine, vol. 40, n. 10, pp. 76-82, Oct, 2002.
26. E. Eskin, A. Arnold, M. Prerau, L. Portnoy and S. Stolfo, "A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data", in Data Mining for Security Applications, Kluwer, Boston, MA., 2002.
27. Shekhar R. Gaddam, Vir V. Phoha and Kiran S. Balagani, "K-Means+ ID3: A Novel Method for Supervised Anomaly Detection by Cascading K-Means Clustering and ID3 Decision Tree Learning Methods", Knowledge and Data Engineering, IEEE Transactions on, vol. 19, n. 3, pp. 345-354, March 2007.
28. C.S. Hood and Ji. Chuanyi, "Proactive network fault detection", in INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies, vol.3, no., pp.1147-1155 vol.3, 7-12, Ap 1997.
29. T. Auld, A. W. Moore and S. F. Gull, "Bayesian Neural Networks for Internet Traffic Classification", Neural Networks, IEEE Transactions on, vol. 18, n. 1, pp. 223-239, Jan. 2007.
30. J.C. Hoffman and R.R. Murphy, "Comparison of Bayesian and Dempster-Shafer theory for sensing: A practitioner's approach", Proceedings of SPIE, vol. 203, pp. 266-279, 2003.
31. A. Hussain, J. Heidemann and C. Papadopoulos, "Identification of Repeated Denial of Service Attacks", in INFOCOM 2006. 25th IEEE International Conference on Computer Communications. Proceedings, pp. 1-15, April 2006.
32. T.M. Chen and V. Venkataramanan, "Dempster-Shafer theory for intrusion detection in ad hoc networks", Internet Computing, IEEE, vol. 9, n. 6, pp. 35-41, Nov.-Dec. 2005.
33. N. Dawes, J. Altoft and B. Pagurek, "Network diagnosis by reasoning in uncertain nested evidence spaces", Communications, IEEE Transactions on, vol. 43, n. 234, pp. 466-476, Feb/Mar/Apr 1995.
34. M. Basseville and A. Benveniste, "Sequential detection of abrupt changes in spectral characteristics of digital signals", Information Theory, IEEE Transactions on, vol. 29, n. 5, pp. 709-724, Sep. 1983.
35. M. B. Priestley, Spectral Analysis and Time Series, volume I and II, London, U.K.: Academic, 1981.
36. Zheng-She Liu, "QR methods of O(N) complexity in adaptive parameter estimation", IEEE Trans. on Signal Processing, vol. 43, n. 3, pp. 720-729, Mar 1995.
37. Kari Sentz, Combination of Evidence in Dempster-Shafer Theory, Ph.d., Systems Science and Industrial Engineering Department, Binghamton University, 2002.
38. Foster Probost, "Machine learning from imbalanced data sets 101", in AAAI'2000 Workshop on Imbalanced Data Sets, 2000.
39. M. Bauer, "Approximation algorithms and decision making in the Dempster-Shafer theory of evidence : An empirical study", International Journal of Approximate Reasoning, vol. 17, n. 2-3, pp. 217-237, 1997.
40. J. Galvin and K. McCloghrie, "Administrative Model for version 2 of the Simple Network Management Protocol (SNMPv2), RFC 1445, Trusted Information Systems, Hughes, LAN Systems", Apr. 1993.
41. A. Josang, "A Logic for Uncertain Probabilities", International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, vol. 9, n. 3, pp. 279-311, 2001.
42. L. Lam and C. Y. Suen, "Application of Majority Voting to Pattern Recognition: An Analysis of its Behaviour and Performance", IEEE Trans. on Syst. Man and Cyebrn.,Part A: Systems and Humans, vol. 27, pp. 553-568, 1997.
43. V.A. Siris and F. Papagalou, "Application of anomaly detection algorithms for detecting SYN flooding attacks", Computer Communications, vol. 29, n. 9, pp. 1433-1442, 2006.