Title: Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods

Authors: Christian Callegari; Stefano Giordano; Michele Pagano; Teresa Pepe

Addresses: Department of Information Engineering, University of Pisa, Pisa, Italy. ' Department of Information Engineering, University of Pisa, Pisa, Italy. ' Department of Information Engineering, University of Pisa, Pisa, Italy. ' Department of Information Engineering, University of Pisa, Pisa, Italy

Abstract: In the last years, the ever increasing number of network attacks has brought the research attention to the design and development of effective anomaly detection systems. To this aim, the main target is to develop efficient algorithms able to detect abrupt changes in the data, with the smallest detection delay. In this paper, we present a novel method for network anomaly detection, based on the idea of discovering heavy change (HC) in the distribution of the Heavy Hitters in the network traffic, by applying several forecasting algorithms. To assess the validity of the proposed method, we have performed an experimental evaluation phase, during which our system performance have been compared to more 'classical' approaches, such as a standard HC method and the promising CUSUM method. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method, showing how it is able to outperform the 'classical' approaches.

Keywords: anomaly detection; reversible sketch; heavy hitters; heavy changes; multi-chart non-parametric CUSUM algorithm; backbone network traffic; forecasting algorithms.

DOI: 10.1504/IJSNET.2012.047149

International Journal of Sensor Networks, 2012 Vol.11 No.4, pp.205 - 214

Published online: 01 Jun 2012 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article