Skip to main content
SpringerLink
Log in

Detectability of Traffic Anomalies in Two Adjacent Networks

  • Conference paper
Passive and Active Network Measurement (PAM 2007)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 4427))

Included in the following conference series:

Abstract

Anomaly detection remains a poorly understood area where visual inspection and manual analysis play a significant role in the effectiveness of the detection technique. We observe traffic anomalies in two adjacent networks, namely GEANT and Abilene, in order to determine what parameters impact the detectability and the characteristics of anomalies. We correlate three weeks of traffic and routing data from both networks and apply Kalman filtering to detect anomalies that transit between the two networks. We show that differences in the monitoring infrastructure, network engineering practices, and anomaly-detection parameters have a large impact on which anomaly detectability. Through a case study of three specific anomalies, we illustrate the influence of the traffic mix, IP address anonymization, detection methodology, and packet sampling on the detectability of traffic anomalies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lakhina, A., Crovella, M., Diot, C.: Diagnosing network-wide traffic anomalies. In: ACM Sigcomm, ACM Press, New York (2004)

    Google Scholar 

  2. Soule, A., Salamatian, K., Taft, N., Nucci, A.: Traffic matrix tracking using kalman filters. In: ACM LSNI Workshop, ACM Press, New York (2005)

    Google Scholar 

  3. Soule, A., Salamatian, K., Taft, N.: Combining filtering and statistical methods for anomaly detection. In: ACM IMC, October, ACM Press, New York (2005)

    Google Scholar 

  4. Zhang, Y., Ge, Z., Greenberg, A., Roughan, M.: Network anomography. In: ACM IMC, October, ACM Press, New York (2005)

    Google Scholar 

  5. Teixeira, R., Duffield, N.G., Rexford, J., Roughan, M.: Traffic matrix reloaded: Impact of routing changes. In: Dovrolis, C. (ed.) PAM 2005. LNCS, vol. 3431, Springer, Heidelberg (2005)

    Google Scholar 

  6. Brauckhoff, D., Tellenbach, B., Wagner, A., Lakhina, A., May, M.: The effect of packet sampling on anomaly detection. In: ACM IMC, October, ACM Press, New York (2006)

    Google Scholar 

  7. Barakat, C., Iannaccone, G., Diot, C.: Ranking flows from sampled traffic. In: ACM CoNEXT, December, ACM Press, New York (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Thomson Research,  

    Augustin Soule & Christophe Diot

  2. Princeton University,  

    Haakon Ringberg & Jennifer Rexford

  3. Federal University of Rio de Janeiro,  

    Fernando Silveira

Authors
  1. Augustin Soule
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haakon Ringberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Fernando Silveira
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jennifer Rexford
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Christophe Diot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Steve Uhlig Konstantina Papagiannaki Olivier Bonaventure

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Soule, A., Ringberg, H., Silveira, F., Rexford, J., Diot, C. (2007). Detectability of Traffic Anomalies in Two Adjacent Networks. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds) Passive and Active Network Measurement. PAM 2007. Lecture Notes in Computer Science, vol 4427. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71617-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-71617-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71616-7

  • Online ISBN: 978-3-540-71617-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation