Detecting Anomaly in Large-scale Network using Mobile Crowdsourcing

In this paper, we propose a tree modeling-based data mining method to detect anomalies from crowdsourced network data. We design an algorithm to extract potential network anomalies from decision trees. Moreover, we propose a criteria to evaluate the severity of anomaly in terms of three factors: standard deviation, weight sum and impurity decrease. To enhance generalization performance, we randomly generate sample subspace of the original dataset as the input for each subtree and compact detected anomalies from all subtrees. We carry out experiments based on the crowdsourced network measurement dataset containing five million samples, which contains round trip time (RTT) from more than 5,000 users. Experiments show that the proposed method can effectively detect high-latency network anomalies. Moreover, the random forest-based approach can achieve an improvement of approximately 25% of generalization performance compared to the single decision tree approach.

[1]  Tao Wang,et al.  Mobileinsight: extracting and analyzing cellular network information on smartphones , 2016, MobiCom.

[2]  Yugyung Lee,et al.  Real-time network anomaly detection system using machine learning , 2015, 2015 11th International Conference on the Design of Reliable Communication Networks (DRCN).

[3]  John P. Rula,et al.  Crowdsourcing ISP characterization to the network edge , 2011, W-MUST '11.

[4]  Henning Schulzrinne,et al.  DYSWIS: Crowdsourcing a home network diagnosis , 2014, 2014 23rd International Conference on Computer Communication and Networks (ICCCN).

[5]  Özgü Alay,et al.  Revisiting congestion control for multipath TCP with shared bottleneck detection , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[6]  Frank Feather,et al.  Fault detection in an Ethernet network using anomaly signature matching , 1993, SIGCOMM '93.

[7]  Ali A. Ghorbani,et al.  Network Anomaly Detection Based on Wavelet Analysis , 2009, EURASIP J. Adv. Signal Process..

[8]  Gholamhossein Dastghaibyfard,et al.  Two-tier network anomaly detection model: a machine learning approach , 2017, Journal of Intelligent Information Systems.

[9]  Zihui Ge,et al.  Detecting and localizing end-to-end performance degradation for cellular data services , 2016, INFOCOM.

[10]  Marina Thottan,et al.  Statistical Detection of Enterprise Network Problems , 2004, Journal of Network and Systems Management.

[11]  Xinbing Wang,et al.  cniCloud: Querying the Cellular Network Information at Scale , 2017, WiNTECH.

[12]  M. Kenward,et al.  An Introduction to the Bootstrap , 2007 .

[13]  Shichang Xu,et al.  Mobilyzer: An Open Platform for Controllable Mobile Network Measurements , 2015, MobiSys.

[14]  Ion Stoica,et al.  Automating Diagnosis of Cellular Radio Access Network Problems , 2017, MobiCom.

[15]  kc claffy,et al.  Investigating Excessive Delays in Mobile Broadband Networks , 2015, AllThingsCellular@SIGCOMM.

[16]  Dario Rossi,et al.  Framework, models and controlled experiments for network troubleshooting , 2016, Comput. Networks.

[17]  Ethan Katz-Bassett,et al.  Mobile Network Performance from User Devices: A Longitudinal, Multidimensional Analysis , 2014, PAM.

[18]  Debin Gao,et al.  MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance , 2017, USENIX Annual Technical Conference.

[19]  Jing Tao,et al.  Modeling repeating behaviors in packet arrivals: Detection and measurement , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[20]  Frank Feather,et al.  Fault detection in an Ethernet network using anomaly signature matching , 1993, SIGCOMM 1993.

[21]  Leo Breiman,et al.  Classification and Regression Trees , 1984 .

[22]  Zhenjiang Li,et al.  aLeak: Privacy Leakage through Context - Free Wearable Side-Channel , 2018, IEEE INFOCOM 2018 - IEEE Conference on Computer Communications.

[23]  Dan Pei,et al.  Opprentice: Towards Practical and Automatic Anomaly Detection Through Machine Learning , 2015, Internet Measurement Conference.