A transform domain-based anomaly detection approach to network-wide traffic

Journal of Network and Computer Applications

Volumn 40, Issue 1, 2014, Pages 292-306

  Jiang, Dingde ^a,c   Xu, Zhengzheng ^a,b   Zhang, Peng ^a   Zhu, Ting ^d  

^a NORTHEASTERN UNIVERSITY   (China)

^b NORTHEASTERN UNIVERSITY   (China)

^c BEIJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS   (China)

^d State University of New York at Binghamton   (United States)

Author keywords

Anomaly detection; Feature extraction; Network wide traffic; Origin destination flows; Transform domain analysis

Indexed keywords

ELECTRIC NETWORK TOPOLOGY; FEATURE EXTRACTION;

ABNORMAL COMPONENTS; ANOMALY DETECTION; DETECTION ALGORITHM; DETECTION PERFORMANCE; NETWORK DISRUPTIONS; ORIGIN-DESTINATION FLOWS; TRANSFORM DOMAIN; TRANSFORM DOMAIN ANALYSIS;

NETWORK ARCHITECTURE;

EID: 84896316389     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2013.09.014     Document Type: Article

References (47)

1. T. Akgül, S. Baykut, M.E. Kantarci, and S.F. Oktug Periodicity-based anomalies in self-similar network traffic flow measurements IEEE Trans Instrum Meas 60 4 2011 1358 1366
2. Anand A, Muthukrishnan C, Akella A, Ramjee R. Redundancy in network traffic: findings and implications. In: Proceedings of SIGMETRICS; 2009. p. 37-48.
3. Barford P, Kline J, Plonka D, Ron A. A signal analysis of network traffic anomalies. In: Proceedings of IMW; 2002. p. 71-82.
4. Brauckhoff D, Salamatian K, May M. A signal processing view on packet sampling and anomaly detection. In: Proceedings of INFOCOM; 2010. p. 1-9.
5. P. Casas, S. Vaton, L. Fillatre, and I. Nikiforov Optimal volume anomaly detection and isolation in large-scale IP networks using coarse-grained measurements Comput Netw 54 11 2010 1750 1766
6. M. Celenk, T. Conley, J. Willis, and J. Graham Predictive network anomaly detection and visualization IEEE Trans Inf Forensics Secur 5 2 2010 288 299
7. Chhabra P, Scott C, Kolaczyk E, Crovella M. Distributed spatial anomaly detection. In: Proceedings of INFOCOM, Phoenix, AZ; 2008. p. 2378-86.
8. Eriksson B, Barford P, Bowden R, Duffield N, Sommers J, Roughan M. Basisdetect: a model-based network event detection framework. In: Proceedings of IMC; 2010. p. 451-64.
9. S. Federico, I.A. Juan, C. Pablo, M. Martin-Fernandez, I.A. Dimitriadis, and C. Alberola-Lopez Anomaly detection in network traffic based on statistical inference and α-stable modeling IEEE Trans Dependable Secur Comput 8 4 2011 494 509
10. X. Guan, T. Qin, W. Li, and P. Wang Dynamic feature analysis and measurement for large-scale network traffic monitoring IEEE Trans Inf Forensics Secur 5 4 2010 905 919
11. L. Guo LSSP: a novel local segment-shared protection for multi-domain optical mesh networks Comput Commun 30 8 2007 1794 1801 (Pubitemid 46659751)
12. L. Guo, J. Cao, H Yu, and L Li Path-based routing provisioning with mixed shared protection in WDM mesh networks J Lightwave Technol 24 3 2006 1129 1141
13. Huang Y, Feamster N, Lakhina A, Xu J. Diagnosing network disruptions with network-wide analysis. In: Proceedings of SIGMETRICS; 2007. p. 61-72. (Pubitemid 350158073)
14. D. Jiang, and G. Hu GARCH model-based large-scale IP traffic matrix estimation IEEE Commun Lett 13 1 2009 52 54
15. D. Jiang, X. Wang, and L. Guo Mahalanobis distance-based traffic matrix estimation Eur Trans Telecommun 21 3 2010 195 201
16. D. Jiang, Z. Xu, Z. Chen, Y. Han, and H. Xu Joint time-frequency sparse estimation of large-scale network traffic Comput Netw 55 10 2011 3533 3547
17. D. Jiang, X. Wang, L. Guo, H. Nie, and Z. Chen Accurate estimation of large-scale IP traffic matrix AEU - Int J Electron Commun 65 1 2011 75 86
18. Kanda Y, Fukuda K, Sugawara T. A flow analysis for mining traffic anomalies. In: Proceedings of ICC; 2010. p. 1-5.
19. S.S. Kim, and A.L.N. Reddy Statistical techniques for detecting traffic anomalies through packet header data IEEE Trans Netw 16 3 2008 562 575
20. M. Kodialam, T.V. Lakshman, J.B. Orlin, and S. Sengupta Oblivious routing of highly variable traffic in service overlays and IP backbones IEEE Trans Netw 17 2 2009 459 472
21. Lakhina A, Crovella M, Diot C. Mining anomalies using traffic feature distributions. In: Proceedings of SIGCOMM; 2005. p. 217-28. (Pubitemid 46323506)
22. Lakhina A, Crovella M, Diot C. Diagnosing network-wide traffic anomalies. In: Proceedings of SIGCOMM; October 2004. p. 219-30. (Pubitemid 40954882)
23. G.Y. Lazarou, J. Baca, V.S. Frost, and J.B. Evans Describing network traffic using the index of variability IEEE Trans Netw 17 5 2009 1672 1683
24. W. Lu, and A. Ghorbani Network anomaly detection based on wavelet analysis EURASIP J Adv Signal Process 2009 1 16
25. F. Maggi, M. Matteucci, and S. Zanero Reducing false positives in anomaly detectors through fuzzy alert aggregation Inf Fusion 10 4 2009 300 311
26. Nawata S, Uchida M, Gu Y, Tsuru M, Oie Y. Unsupervised ensemble anomaly detection through time-periodical packet sampling. In: Proceedings of INFOCOM; 2010. p. 1-9.
27. L. Nie, D. Jiang, and L. Guo A power laws-based reconstruction approach to end-to-end network traffic J Netw Comput Appl 36 2 2013 898 907
28. Nychis G, Sekar V, Andersen DG, Kim H, Zhang H. An empirical evaluation of entropy-based traffic anomaly detection. In: Proceedings of IMC; 2008. p. 151-6.
29. I.C. Paschalidis, and G. Smaragdakis Spatio-temporal network anomaly detection by assessing deviations of empirical measures IEEE Trans Netw 17 3 2009 685 697
30. T. Qin, X. Guan, W. Li, P. Wang, and Q. Huang Monitoring abnormal network traffic based on blind source separation approach J Netw Comput Appl 34 2011 1732 1742
31. S. Raghunath, K.K. Ramakrishnan, and S. Kalyanaraman Measurement-based characterization of IP VPNs IEEE Trans Netw 15 6 2007 1428 1441
32. Rubinstein BI, Nelson B, Huang L, Joseph AD, Lau S, Rao S, et al. ANTIDOTE: understanding and defending against poisoning of anomaly detectors. In: Proceedings of IMC; 2009. p. 1-14.
33. S. Shanbhag, and T. Wolf Accurate anomaly detection through parallelism IEEE Netw 23 1 2009 22 28
34. Silveira F, Diot C. URCA: pulling out anomalies by their root causes. In: Proceedings of INFOCOM; 2010. p. 1-9.
35. Singhal H, Michailidis G. Optimal sampling in state space models with applications to network monitoring. In: Proceedings of SIGMETRICS; 2008. p. 145-56.
36. Stockwel RG, in Why use the S-transform, vol. 52, ed. by A Wong (Fields Institute Communications, Providence, 2007), p. 279-309. Pseudo-Differential Operators: PDEs and Time-Frequency Analysis
37. G. Thatte, U. Mitra, and J. Heidemann Parametric methods for anomaly detection in aggregate traffic IEEE/ACM Trans Netw 19 2 2011 512 525
38. Venkatarama A, Corbett, C, Beyah R. A wired-side approach to MAC misbehavior detection. In: Proceedings of ICC; 2010. p. 1-5.
39. A. Vishwanath, V. Sivaraman, and G.N. Rouskas Anomalous loss performance for mixed real-time and TCP traffic in routers with very small buffers IEEE/ACM Trans Netw 19 4 2011 933 946
40. K.V. Vishwanath, and A. Vahdat Swing: realistic and responsive network traffic generation IEEE Trans Netw 17 3 2009 712 725
41. A. Wiese, and A.O. Hero Decomposable principal component analysis IEEE Trans Signal Process 57 11 2009 4369 4377
42. Y. Xiang, K. Li, and W. Zhou Low-rate DDoS attacks detection and traceback by using new information metrics IEEE Trans Inf Forensics Secur 6 2 2011 426 437
43. Xu K, Zhang Z, Bhattacharyya S. Profiling Internet backbone traffic: behavior models and applications. In: Proceedings of SIGCOMM; 2005. p. 169-80. (Pubitemid 46323502)
44. K. Xu, Z. Zhang, and S. Bhattacharyya Internet traffic behavior profiling for network security monitoring IEEE Trans Netw 16 6 2008 1241 1252
45. W. Yu, N. Zhang, X. Fu, and Wei Zhao Self-disciplinary worms and countermeasures: modeling and analysis IEEE Trans Parallel Distrib Systems 21 10 2010 1501 1514
46. Zhu T, Yu M. A secure quality of service routing protocol for wireless Ad Hoc networks. In: Proceedings of GLOBECOM'06; 2006. p. 1-6.
47. Zhu T, Xiao S, Yi P, Towsley D, Gong W. A secure energy routing mechanism for sharing renewable energy in smart microgrid. In: Proceedings of SmartGridComm'11; 2011. p. 143-8.