Spatial Anomaly Detection Using Fast xFlow Proxy for Nation-Wide IP Network
Published in: | IEICE Transactions on Communications 2024/11/01, Vol.E107.B(11), pp.728-738 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
Summary: | This paper proposes an anomaly-detection method using the Fast xFlow Proxy, which enables fine-grained measurement of communication traffic. When a fault occurs in services or networks, communication traffic changes from its normal behavior. Therefore, anomalies can be detected by analyzing their autocorrelations. However, in large-scale carrier networks, packets are generally encapsulated and observed as aggregate values, making it difficult to detect minute changes in individual communication flows. Therefore, we developed the Fast xFlow Proxy, which analyzes encapsulated packets in real time and enables flows to be measured at an arbitrary granularity. In this paper, we propose an algorithm that utilizes the Fast xFlow Proxy to detect not only the anomaly occurrence but also its cause, that is, the location of the fault at the end-to-end. The idea is not only to analyze the autocorrelation of a specific flow but also to apply spatial analysis to estimate the fault location by comparing the behavior of multiple flows. Through extensive simulations, we demonstrate that base station, network, and service faults can be detected without any false negative detections. |
---|---|
ISSN: | 0916-8516 1745-1345 |
DOI: | 10.23919/transcom.2023EBP3208 |