Detecting and identifying network anomalies by component analysis

Le The Quyen, Marat Zhanikeev, Yoshiaki Tanaka

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    1 Citation (Scopus)

    Abstract

    Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

    Original language: English
    Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Pages: 501-504
    Number of pages: 4
    Volume: 4238 LNCS
    Publication status: Published - 2006
    Event: 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006 - Busan
    Duration: 2006 Sep 27 to 2006 Sep 29

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 4238 LNCS
    ISSN (Print): 03029743
    ISSN (Electronic): 16113349

    Other

    Other: 9th Asia-Pacific Network Operations and Management Symposium, APNOMS 2006
    City: Busan
    Period: 06/9/27 to 06/9/29

    Fingerprint

    Anomaly
    Traffic Analysis
    Topology
    Traffic
    Principal Component Analysis
    Subspace Methods
    Agglomeration
    Aggregation
    Research
    Profile

    Keywords

    • Anomaly detection
    • Anomaly identification
    • Network anomalies
    • Principal component analysis
    • Traffic analysis

    ASJC Scopus subject areas

    • Computer Science(all)
    • Biochemistry, Genetics and Molecular Biology(all)
    • Theoretical Computer Science

    Cite this

    Quyen, L. T., Zhanikeev, M., & Tanaka, Y. (2006). Detecting and identifying network anomalies by component analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4238 LNCS, pp. 501-504). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4238 LNCS).

    @inproceedings{7089e603342740f4b5a70b75c2061d0e,
    title = "Detecting and identifying network anomalies by component analysis",
    abstract = "Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.",
    keywords = "Anomaly detection, Anomaly identification, Network anomalies, Principal component analysis, Traffic analysis",
    author = "Quyen, {Le The} and Marat Zhanikeev and Yoshiaki Tanaka",
    year = "2006",
    language = "English",
    isbn = "3540457763",
    volume = "4238 LNCS",
    series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
    pages = "501--504",
    booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

    }

    TY - GEN

    T1 - Detecting and identifying network anomalies by component analysis

    AU - Quyen, Le The

    AU - Zhanikeev, Marat

    AU - Tanaka, Yoshiaki

    PY - 2006

    Y1 - 2006

    N2 - Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

    AB - Many research works address detection and identification of network anomalies using traffic analysis. This paper considers large topologies, such as those of an ISP, with traffic analysis performed on multiple links simultaneously. This is made possible by using a combination of simple online traffic parameters and specific data from headers of selective packets. Even though large networks may have many network links and a lot of traffic, the analysis is simplified with the usage of Principal Component Analysis (PCA) subspace method. The proposed method proves that aggregation of such traffic profiles on large topologies allows identification of a certain set of anomalies with high level of certainty.

    KW - Anomaly detection

    KW - Anomaly identification

    KW - Network anomalies

    KW - Principal component analysis

    KW - Traffic analysis

    UR - http://www.scopus.com/inward/record.url?scp=33750594025&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=33750594025&partnerID=8YFLogxK

    M3 - Conference contribution

    AN - SCOPUS:33750594025

    SN - 3540457763

    SN - 9783540457763

    VL - 4238 LNCS

    T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

    SP - 501

    EP - 504

    BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

    ER -