Detecting and identifying network anomalies by component analysis

Le The Quyen; Marat Zhanikeev; Yoshiaki Tanaka

doi:10.1007/11876601_51

Detecting and identifying network anomalies by component analysis

Le The Quyen^*, Marat Zhanikeev, Yoshiaki Tanaka

^*Corresponding author for this work

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

Original language	English
Title of host publication	Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings
Publisher	Springer Verlag
Pages	501-504
Number of pages	4
ISBN (Print)	3540457763, 9783540457763
DOIs	https://doi.org/10.1007/11876601_51
Publication status	Published - 2006
Event	9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006 - Busan, Korea, Republic of Duration: 2006 Sept 27 → 2006 Sept 29

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4238 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006
Country/Territory	Korea, Republic of
City	Busan
Period	06/9/27 → 06/9/29

Keywords

Anomaly detection
Anomaly identification
Network anomalies
Principal component analysis
Traffic analysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11876601_51

Cite this

Quyen, L. T., Zhanikeev, M., & Tanaka, Y. (2006). Detecting and identifying network anomalies by component analysis. In Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings (pp. 501-504). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4238 LNCS). Springer Verlag. https://doi.org/10.1007/11876601_51

Detecting and identifying network anomalies by component analysis. / Quyen, Le The; Zhanikeev, Marat; Tanaka, Yoshiaki.

Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings. Springer Verlag, 2006. p. 501-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4238 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Quyen, LT, Zhanikeev, M & Tanaka, Y 2006, Detecting and identifying network anomalies by component analysis. in Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4238 LNCS, Springer Verlag, pp. 501-504, 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Busan, Korea, Republic of, 06/9/27. https://doi.org/10.1007/11876601_51

Quyen LT, Zhanikeev M, Tanaka Y. Detecting and identifying network anomalies by component analysis. In Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings. Springer Verlag. 2006. p. 501-504. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11876601_51

Quyen, Le The ; Zhanikeev, Marat ; Tanaka, Yoshiaki. / Detecting and identifying network anomalies by component analysis. Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings. Springer Verlag, 2006. pp. 501-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7089e603342740f4b5a70b75c2061d0e,

title = "Detecting and identifying network anomalies by component analysis",

abstract = "Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.",

keywords = "Anomaly detection, Anomaly identification, Network anomalies, Principal component analysis, Traffic analysis",

author = "Quyen, {Le The} and Marat Zhanikeev and Yoshiaki Tanaka",

year = "2006",

doi = "10.1007/11876601_51",

language = "English",

isbn = "3540457763",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "501--504",

booktitle = "Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings",

note = "9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006 ; Conference date: 27-09-2006 Through 29-09-2006",

}

TY - GEN

T1 - Detecting and identifying network anomalies by component analysis

AU - Quyen, Le The

AU - Zhanikeev, Marat

AU - Tanaka, Yoshiaki

PY - 2006

Y1 - 2006

N2 - Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

AB - Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

KW - Anomaly detection

KW - Anomaly identification

KW - Network anomalies

KW - Principal component analysis

KW - Traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=33750594025&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750594025&partnerID=8YFLogxK

U2 - 10.1007/11876601_51

DO - 10.1007/11876601_51

M3 - Conference contribution

AN - SCOPUS:33750594025

SN - 3540457763

SN - 9783540457763

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 501

EP - 504

BT - Management of Convergence Networks and Services - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Proceedings

PB - Springer Verlag

T2 - 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006

Y2 - 27 September 2006 through 29 September 2006

ER -

Detecting and identifying network anomalies by component analysis

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this