A method of detecting network anomalies in cyclic traffic

Shigeaki Harada, Ryoichi Kawahara, Tatsuya Mori, Noriaki Kamiyama, Haruhisa Hasegawa, Hideaki Yoshino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


We present a method of detecting network anomalies, such as DDoS (distributed denial of service) attacks and flash crowds, automatically in real time. We evaluated this method using measured traffic data and found that it successfully differentiated suspicious traffic. In this paper, we focus on cyclic traffic, which has a daily and/or weekly cycle, and show that the differentiation accuracy is improved by utilizing such a cyclic tendency in anomaly detection. Our method differentiates suspicious traffic that has different statistical characteristics from normal traffic. At the same time, it learns about cyclic large- volume traffic, such as traffic for network operations, and finally considers it to be legitimate.

Original languageEnglish
Title of host publicationGLOBECOM - IEEE Global Telecommunications Conference
Number of pages5
Publication statusPublished - 2008
Externally publishedYes
Event2008 IEEE Global Telecommunications Conference, GLOBECOM 2008 - New Orleans, LA
Duration: 2008 Nov 302008 Dec 4


Other2008 IEEE Global Telecommunications Conference, GLOBECOM 2008
CityNew Orleans, LA


ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Harada, S., Kawahara, R., Mori, T., Kamiyama, N., Hasegawa, H., & Yoshino, H. (2008). A method of detecting network anomalies in cyclic traffic. In GLOBECOM - IEEE Global Telecommunications Conference (pp. 2057-2061). [4698171] https://doi.org/10.1109/GLOCOM.2008.ECP.396