poster

Detecting traffic anomalies using an equilibrium property

Authors:

Fernando Silveira,

Christophe Diot,

Nina Taft,

Ramesh GovindanAuthors Info & Claims

SIGMETRICS '10: Proceedings of the ACM SIGMETRICS international conference on Measurement and modeling of computer systems

Pages 377 - 378

https://doi.org/10.1145/1811039.1811095

Published: 14 June 2010 Publication History

Get Access

Abstract

When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to zero. This equilibrium property holds if the flows are nearly independent, and it is violated by traffic changes caused by several correlated flows. We exploit this empirical property to design a computationally simple anomaly detection method.

References

[1]

N. Hohn, D. Veitch, and P. Abry. Cluster Processes, a Natural Language for Network Traffic. IEEE Transactions on Networking, pages 2229--2244, 2003.

Digital Library

Google Scholar

[2]

F. Silveira, C. Diot, N. Taft, and R. Govindan. ASTUTE: Detecting a Different Class of Traffic Anomalies. Technical report, Technicolor, 2010. http://www.thlab.net/~fernando/papers/astute.pdf.

Google Scholar

Cited By

View all

Velarde-Alvarado PVargas-Rosales CMartinez-Pelaez RToral-Cruz HMartinez-Herrera A(2016)An unsupervised approach for traffic trace sanitization based on the entropy spacesTelecommunications Systems10.1007/s11235-015-0017-661:3(609-626)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1007/s11235-015-0017-6
Pevny TRehak MGrill M(2012)Detecting anomalous network hosts by means of PCA2012 IEEE International Workshop on Information Forensics and Security (WIFS)10.1109/WIFS.2012.6412633(103-108)Online publication date: Dec-2012
https://doi.org/10.1109/WIFS.2012.6412633

Index Terms

Detecting traffic anomalies using an equilibrium property
1. Networks
  1. Network services

Recommendations

Detecting traffic anomalies using an equilibrium property
Performance evaluation review

When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to zero. This equilibrium property holds if the flows are nearly independent, ...
Diagnosing network-wide traffic anomalies

Anomalies are unusual and significant changes in a network's traffic levels, which can often span multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret ...
Diagnosing network-wide traffic anomalies
SIGCOMM '04: Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications

Anomalies are unusual and significant changes in a network's traffic levels, which can often span multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SIGMETRICS '10: Proceedings of the ACM SIGMETRICS international conference on Measurement and modeling of computer systems

June 2010

398 pages

ISBN:9781450300384

DOI:10.1145/1811039

General Chair:
Vishal Misra
Columbia University, USA
,
Program Chairs:
Paul Barford
University of Wisconsin-Madison, USA
,
Mark Squillante
IBM T.J. Watson Research Center, USA

ACM SIGMETRICS Performance Evaluation Review Volume 38, Issue 1
Performance evaluation review
June 2010
382 pages
ISSN:0163-5999
DOI:10.1145/1811099
Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Poster

Conference

SIGMETRICS '10

Sponsor:

SIGMETRICS

SIGMETRICS '10: ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems

June 14 - 18, 2010

New York, New York, USA

Acceptance Rates

Overall Acceptance Rate 459 of 2,691 submissions, 17%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
203
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Velarde-Alvarado PVargas-Rosales CMartinez-Pelaez RToral-Cruz HMartinez-Herrera A(2016)An unsupervised approach for traffic trace sanitization based on the entropy spacesTelecommunications Systems10.1007/s11235-015-0017-661:3(609-626)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1007/s11235-015-0017-6
Pevny TRehak MGrill M(2012)Detecting anomalous network hosts by means of PCA2012 IEEE International Workshop on Information Forensics and Security (WIFS)10.1109/WIFS.2012.6412633(103-108)Online publication date: Dec-2012
https://doi.org/10.1109/WIFS.2012.6412633

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Detecting traffic anomalies using an equilibrium property

Diagnosing network-wide traffic anomalies

Diagnosing network-wide traffic anomalies