A framework for detection of traffic anomalies based on IP aggregation

Marat Zhanikeev, Yoshiaki Tanaka

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

Traditional traffic analysis is can be performed online only when detection targets are well specified and are fairly primitive. Local processing at measurement point is discouraged as it would considerably affect major functionality of a network device. When traffic is analyzed at flow level, the notion of flow timeout generates differences in flow lifespan and impedes unbiased monitoring, where only n-top flows ordered by a certain metric are considered. This paper proposes an alternative manner of traffic analysis based on source IP aggregation. The method uses flows as basic building blocks but ignores timeouts, using short monitoring intervals instead. Multidimensional space of metrics obtained through IP aggregation, however, enhances capabilities of traffic analysis by facilitating detection of various anomalous conditions in traffic simultaneously.

Original languageEnglish
Pages (from-to)16-23
Number of pages8
JournalIEICE Transactions on Information and Systems
VolumeE92-D
Issue number1
DOIs
Publication statusPublished - 2009 Jan 1

Keywords

  • Anomaly detection
  • IP aggregation
  • Network management
  • Performance monitoring
  • Traffic analysis

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'A framework for detection of traffic anomalies based on IP aggregation'. Together they form a unique fingerprint.

  • Cite this