|
|
Please login using the form on menu list.
It is required to login for Full-Text PDF.
|
A Traffic Decomposition and Prediction Method for Detecting and Tracing Network-Wide Anomalies
Ping DU
Shunji ABE
Yusheng JI
Seisho SATO
Makio ISHIGURO
Publication
IEICE TRANSACTIONS on Information and Systems Vol.E92-D No.5 pp.929-936
Publication Date: 2009/05/01
Online ISSN: 1745-1361
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Internet Security
Keyword:
anomaly detection,
anomaly tracing,
autoregressive (AR) model,
Kalman filter,
Full Text: PDF(980.7KB)
Summary:
Traffic volume anomalies refer to apparently abrupt changes in the time series of traffic volume, which can propagate through the network. Detecting and tracing these anomalies is a critical and difficult task for network operators. In this paper, we first propose a traffic decomposition method, which decomposes the traffic into three components: the trend component, the autoregressive (AR) component, and the noise component. A traffic volume anomaly is detected when the AR component is outside the prediction band for multiple links simultaneously. Then, the anomaly is traced using the projection of the detection result matrices for the observed links which are selected by a shortest-path-first algorithm. Finally, we validate our detection and tracing method by using the real traffic data from the third-generation Science Information Network (SINET3) and show the detected and traced results.
|
|
