Abstract
In a large backbone network, it is important to detect shape traffic fluctuation for servicing robust network. However, there are too many interfaces to monitor the characteristics of traffic. First we collect volume traffic of boundary link. From the volume traffic, we make groups which have similar traffic patterns by hierarchical clustering algorithm. This result shows that most of traffic has similar patterns, but some traffic which is far from centroid has an anomaly traffic pattern. This paper gives a hint for network operators that which traffic has to be checked out.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Thompson, K., Miller, G., Willder, R.: Wide area Internet traffic patterns and characteristics. IEEE Network 11, 10–23 (1997)
McCreary, S., Claffy, K.: Trends in wide area ip traffic patterns-a view from ames internet exchange. Technical report, CAIDA (2000)
Brownlee, N., Claffy, K.: Internet measurement. IEEE Internet Computing 08, 30–33 (2004)
Fraleigh, C., Moon, S., Lyles, B., Cotton, C., Khan, M., Moll, D., Rockell, R., Seely, T., Diot, C.: Packet-level traffic measurements from the sprint ip backbone. IEEE Network 17(6), 6–16 (2003)
Fukuda, K., Cho, K., Esaki, H.: The Impact of Residential Broadband Traffic on Japanese ISP Backbones. ACM SIGCOMM Computer Communications Review 35(1), 15–21 (2005)
Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: ACM Internet Measurement Workshop, pp. 71–82 (2002)
Lakhina, A., Crovella, M., Diot, C.: Diagnosing Network-Wide Traffic Anomalies. In: ACM SIGCOMM, pp. 219–230 (2004)
John, W., Tafvelin, S.: Analysis of Internet Backbone Traffic and header Anomalies observed. In: 7th ACM SIGCOMM conference on Internet Measurement Conference (2007)
Lakhina, A., Crovella, M., Diot, C.: Mining Anomalies Using Traffic Feature Distributions. ACM SIGCOMM Computer Communications Review 35(4), 217–218 (2005)
Kim, H., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.Y.: Internet Traffic Classification Demystified: Myths, Caveats, and the Best Practices. In: ACM CoNEXT (2008)
Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: Multilevel Traffic Classification in the Bark. In: ACM SIGCOMM (2005)
Karagiannis, T., Broido, A., Faloutsos, M.: Transport Layer Identification of P2P Traffic. In: 4th ACM SIGCOMM conference on Internet Measurement Conference (2004)
Jonhson, S.C.: Hierarchical Clustering Schemes. Psychometrika, 241–254 (1967)
Clustering, http://en.wikipedia.org/wiki/Cluster_analysis
Clustering, http://home.dei.polimi.it/matteucc/Clustering/tutorial_html/hierarchical.html
RFC 1213, http://www.ietf.org/rfc/rfc1213.txt
Correlation, http://en.wikipedia.org/wiki/Correlation
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Son, C., Cho, SH., Yoo, JH. (2009). Volume Traffic Anomaly Detection Using Hierarchical Clustering. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, CS. (eds) Management Enabling the Future Internet for Changing Business and New Computing Services. APNOMS 2009. Lecture Notes in Computer Science, vol 5787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04492-2_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-04492-2_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04491-5
Online ISBN: 978-3-642-04492-2
eBook Packages: Computer ScienceComputer Science (R0)