Mathematical Problems in Engineering
Volume 2015, Article ID 923792, 26 pages
http://dx.doi.org/10.1155/2015/923792
Research Article

Network-Wide Traffic Anomaly Detection and Localization Based on Robust Multivariate Probabilistic Calibration Model

1National Digital Switching System Engineering & Technological Research Center, Jianxue Street No. 7, Jinshui District, Zhengzhou 450002, China
2Air Defence Forces Academy of PLA, Zhengzhou, China
3Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang, China

Received 29 April 2015; Revised 5 August 2015; Accepted 6 August 2015

Academic Editor: Mark Leeson

Copyright © 2015 Yuchong Li et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. D. Turner, K. Levchenko, S. Savage, and A. C. Snoeren, “A comparison of syslog and IS-IS for network failure analysis,” in Proceedings of the 13th ACM Internet Measurement Conference (IMC '13), pp. 433–440, ACM, Barcelona, Spain, October 2013.
  2. R. Vaarandi and M. Pihelgas, “Using security logs for collecting and reporting technical security metrics,” in Proceedings of the 33rd Annual IEEE Military Communications Conference (MILCOM '14), pp. 294–299, IEEE, Baltimore, Md, USA, October 2014.
  3. K. V. M. Naidu, D. Panigrahi, and R. Rastogi, “Detecting anomalies using end-to-end path measurements,” in Proceedings of the 27th IEEE Conference on Computer Communications (INFOCOM '08), IEEE, Phoenix, Ariz, USA, April 2008.
  4. P. Barford, N. Duffield, A. Ron, and J. Sommers, “Network performance anomaly detection and localization,” in Proceedings of the 28th Conference on Computer Communications (INFOCOM '09), pp. 1377–1385, IEEE, Rio de Janeiro, Brazil, April 2009.
  5. G.-Z. Cheng, D.-N. Cheng, and D.-J. Yu, “Network traffic detection based on multi resolution low rank model,” Journal on Communications, vol. 33, no. 1, pp. 182–190, 2012.
  6. T. Guo, J.-L. Lan, Y.-F. Li, and Y.-M. Jiang, “Network traffic prediction with radial basis function neural network based on quantum adaptive particle swarm optimization,” Journal of Electronics and Information Technology, vol. 35, no. 9, pp. 2220–2226, 2013.
  7. V. Yegneswaran, P. Barford, and J. Ullrich, “Internet intrusions: global characteristics and prevalence,” ACM SIGMETRICS Performance Evaluation Review, vol. 31, no. 1, pp. 138–147, 2003.
  8. A. Lakhina, K. Papagiannaki, and M. Crovella, Structural Analysis of Network Traffic Flows, SIGMETRICS, New York, NY, USA, 2004.
  9. A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” in Proceedings of the ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM '04), pp. 65–76, ACM Press, Portland, Ore, USA, August 2004.
  10. A. Soule, K. E. Salamatian, and N. Taft, “Combining filtering and statistical methods for anomaly detection,” in Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (IMC '05), pp. 311–312, Boston, Mass, USA, 2005.
  11. L. Huang, M. Garofalakis, and J. M. Hellerstein, “Toward sophisticated detection with distributed triggers,” in Proceedings of the SIGCOMM Workshop on Mining Network Data (MineNet '06), 2006.
  12. Y.-K. Qian, M. Chen, L.-X. Ye, F.-R. Liu, S.-W. Zhu, and H. Zhang, “Network-wide anomaly detection method based on multiscale principal component analysis,” Journal of Software, vol. 23, no. 2, pp. 361–377, 2012.
  13. D. Brauckhoff, K. Salamatian, and M. May, “Applying PCA for traffic anomaly detection: problems and solutions,” in Proceedings of the 28th Conference on Computer Communications (INFOCOM '09), pp. 2866–2870, IEEE, Rio de Janeiro, Brazil, April 2009.
  14. B. I. P. Rubinstein, B. Nelson, L. Huang et al., “Stealthy poisoning attacks on PCA-based anomaly detectors,” in Proceedings of the Joint International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS '09), ACM Press, Seattle, Wash, USA, August 2009.
  15. B. I. P. Rubinstein, B. Nelson, L. Huang et al., “Antidote: Understanding and defending against poisoning of anomaly detectors,” in Proceedings of the 9th ACM SIGCOMM Internet Measurement Conference (IMC '09), pp. 1–14, Chicago, Ill, USA, November 2009.
  16. Y.-K. Qian and M. Chen, “Poison attack and defense strategies on PCA-based anomaly detector,” Acta Electronica Sinica, vol. 39, no. 3, pp. 543–548, 2011.
  17. T. Ahmed, M. Coates, and A. Lakhina, “Multivariate online anomaly detection using kernel recursive least squares,” in Proceedings of the 26th IEEE International Conference on Computer Communications (INFOCOM '07), pp. 625–633, IEEE, Anchorage, Alaska, USA, May 2007.
  18. Y.-K. Qian and M. Chen, “MOADA-SVR: a multivariate online anomaly detection algorithm based on SVR,” Journal on Communications, vol. 32, no. 2, pp. 106–113, 2011.
  19. W. Chen, Y. Liu, and Y. Guan, “Cardinality change-based early detection of large-scale cyber-attacks,” in Proceedings of the 32nd IEEE Conference on Computer Communications (INFOCOM '13), pp. 1788–1796, IEEE, Turin, Italy, April 2013.
  20. Y.-K. Qian, M. Chen, Q. Hao, F.-R. Liu, and W.-Z. Shang, “ODC: a method for online detecting & classifying network-wide traffic anomalies,” Journal on Communications, vol. 32, no. 1, pp. 111–120, 2011.
  21. Y. Zhang, M. Roughan, W. Willinger, and L. Qiu, “Spatio-temporal compressive sensing and internet traffic matrices,” in Proceedings of the ACM SIGCOMM Conference on Data Communication (SIGCOMM '09), pp. 267–278, ACM Press, Barcelona, Spain, August 2009.
  22. H. Ringberg, A. Soule, J. Rexford, and C. Diot, “Sensitivity of PCA for traffic anomaly detection,” in Proceedings of the ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, pp. 78–89, ACM Press, 2007.
  23. D. E. Denning, “An intrusion-detection model,” IEEE Transactions on Software Engineering, vol. 13, no. 2, pp. 222–232, 1987.
  24. W. Xu and X. Guo, “Nonparametric checks for varying coefficient models with missing response at random,” Metrika, vol. 76, no. 4, pp. 459–482, 2013.
  25. W. Xu and L. Zhu, “Testing the adequacy of varying coefficient models with missing responses at random,” Metrika, vol. 76, no. 1, pp. 53–69, 2013.
  26. B. Eriksson, P. Barford, R. Bowden, N. Duffield, J. Sommers, and M. Roughan, “BasisDetect: a model-based network event detection framework,” in Proceedings of the 10th Internet Measurement Conference (IMC '10), pp. 451–464, ACM Press, Melbourne, Australia, November 2010.
  27. M. Svensén and C. M. Bishop, “Robust Bayesian mixture modelling,” Neurocomputing, vol. 64, no. 1–4, pp. 235–252, 2005.
  28. C. Liu and D. B. Rubin, “ML estimation of the t distribution using EM and its extensions, ECM and ECME,” Statistica Sinica, vol. 5, no. 1, pp. 19–39, 1995.
  29. D. Peel and G. J. McLachlan, “Robust mixture modelling using the t distribution,” Statistics and Computing, vol. 10, no. 4, pp. 339–348, 2000.
  30. M. E. Tipping and C. M. Bishop, “Mixtures of probabilistic principal component analyzers,” Neural Computation, vol. 11, no. 2, pp. 443–482, 1999.
  31. R. J. Little and D. B. Rubin, Statistical Analysis with Missing Data, Wiley, Chichester, UK, 1987.
  32. A. Lakhina, M. Crovella, and C. Diot, “Characterization of network-wide anomalies in traffic flows,” in Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement (IMC '04), pp. 201–206, ACM Press, New York, NY, USA, 2004.
  33. T. Chen, J. Morris, and E. Martin, “Probability density estimation via an infinite Gaussian mixture model: application to statistical process monitoring,” Journal of the Royal Statistical Society, Series C: Applied Statistics, vol. 55, no. 5, pp. 699–715, 2006.
  34. I. Paredes-Oliva, X. Dimitropoulos, M. Molina, P. Barlet-Ros, and D. Brauckhoff, “Automating root-cause analysis of network anomalies using frequent itemset mining,” ACM SIGCOMM Computer Communication Review, vol. 40, no. 4, pp. 467–468, 2011.
  35. T. Benzel, R. Braden, D. Kim et al., “Experiences with DETER: a testbed for security research,” in Proceedings of 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities (TridentCom '06), pp. 388–397, IEEE Press, 2006.