Anomaly Detections in Internet traffic Using Empirical Measures
A.S.Syed Navaz, S.Gopalakrishnan, R.Meena

TL;DR
This paper proposes a novel anomaly detection method for Internet traffic using empirical measures and large deviations theory, enabling identification of both spatial and temporal anomalies in real network data.
Contribution
It introduces a new framework based on empirical measures and large deviations for detecting network anomalies, with validation on real traffic traces.
Findings
Effective detection of temporal anomalies in real traffic data
Capability to monitor multiple network elements simultaneously
Comparison of approaches highlighting their respective advantages
Abstract
We introduce an Internet traffic anomaly detection mechanism based on large deviations results for empirical measures. Using past traffic traces, we characterize network traffic during various time-of-day intervals, assuming that it is anomaly-free. Throughout, we compare the two approaches, presenting their advantages and disadvantages, to identify and classify temporal network anomalies. We also demonstrate how our framework can be used to monitor traffic from multiple network elements in order to identify both spatial and temporal anomalies. We validate our techniques by analyzing real traffic traces with time-stamped anomalies.
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Network Packet Processing and Optimization
