Network-Wide Anomaly Detection Based on Router Connection Relationships

Yingjie ZHOU  Guangmin HU  

IEICE TRANSACTIONS on Communications   Vol.E94-B   No.8   pp.2239-2242
Publication Date: 2011/08/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E94.B.2239
Print ISSN: 0916-8516
Type of Manuscript: Special Section LETTER (Special Section on Deployment and Operation of New Internet Technology: Challenges and Approaches)
network-wide anomaly detection,  router connection relationships,  graph mining,  

Full Text: PDF(339.3KB)>>
Buy this Article

Detecting distributed anomalies rapidly and accurately is critical for efficient backbone network management. In this letter, we propose a novel anomaly detection method that uses router connection relationships to detect distributed anomalies in the backbone Internet. The proposed method unveils the underlying relationships among abnormal traffic behavior through closed frequent graph mining, which makes the detection effective and scalable.