Large-scale IP network behavior anomaly detection and identification using substructure-based approach and multivariate time series mining

Large-scale IP network behavior anomaly detection and identification using substructure-based approach and multivariate time series mining

In this paper, a substructure-based network behavior anomaly detection approach, called WFS (Weighted Frequent Subgraphs), is proposed to detect the anomalies of a large-scale IP networks. With application of WFS, an entire graph is examined, unusual substructures of which are reported. Due to addit...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Telecommunication systems 2012-04, Vol.50 (1), p.1-13
Hauptverfasser: He, Weisong, Hu, Guangmin, Zhou, Yingjie
Format: Artikel
Sprache:eng
Schlagworte:
Analysis
Anomalies
Artificial Intelligence
Business and Management
Communications systems
Computer Communication Networks
Data mining
Design engineering
Entropy
Graph theory
Graphs
IP (Internet Protocol)
IT in Business
Mining
Multivariate analysis
Networks
Probability Theory and Stochastic Processes
Studies
Substructures
Telecommunications systems
Time series
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, a substructure-based network behavior anomaly detection approach, called WFS (Weighted Frequent Subgraphs), is proposed to detect the anomalies of a large-scale IP networks. With application of WFS, an entire graph is examined, unusual substructures of which are reported. Due to additional information given by the graph, the anomalies are able to be detected more accurately. With multivariate time series motif association rules mining (MTSMARM), the patterns of abnormal traffic behavior are able to be obtained. In order to verify the above proposals, experiments are conducted and, together with application of backbone networks (Internet2) Netflow data, show some positive results.
ISSN:1018-4864
1572-9451
DOI:10.1007/s11235-010-9384-1