Open Access

PCA-Based Network Traffic Anomaly Detection

Meimei Ding, Hui Tian
School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China.

Abstract

The use of a Traffic Matrix (TM) to describe the characteristics of a global network has attracted significant interest in network performance research. Due to the high dimensionality and sparsity of network traffic, Principal Component Analysis (PCA) has been successfully applied to TM analysis. PCA is one of the most common methods used in the analysis of high-dimensional objects. This paper shows how to apply PCA to TM analysis and anomaly detection. The experimental results demonstrate that the PCA-based method can detect anomalies for both single and multiple nodes with high accuracy and efficiency.

Tsinghua Science and Technology
Pages 500-509
Cite this article:
Ding M, Tian H. PCA-Based Network Traffic Anomaly Detection. Tsinghua Science and Technology, 2016, 21(5): 500-509. https://doi.org/10.1109/TST.2016.7590319


Received: 28 June 2016
Revised: 04 August 2016
Accepted: 30 August 2016
Published: 18 October 2016
© The author(s) 2016