Proposal of a new information theory-based technique based on traffic anomaly detection analysis

Change-point detection theory is used to identify abrupt changes in network traffic. The literature has focused on longitudinal traffic analysis, namely detecting sudden peak changes, rather than analysing the traffic pattern over a typical 24 h day. Because traffic varies throughout the day, it is essential to consider the specific traffic period in which the anomaly occurs. Doing so is useful for checking interconnection agreements amongst operators, something that is not possible with traditional sudden-peak-change techniques. The aim of this paper is to analyse how the different algorithms behave when detecting change points inside a typical day profile. We conclude that a combination of the algorithms provides better results than the use of a single one: in low-traffic periods goodness-of-fit tests best detect changing conditions, while in normal traffic periods (daytime) entropy-based algorithms best detect traffic increases. In addition, statistical control charts complement both of them by detecting very abrupt changes regardless of the traffic load.
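The following is an added example, not code or results from the paper: it evaluates one traffic sample against a per-period baseline with the three detector families named above. The baseline values, the four traffic classes, the thresholds, and the choice of a Pearson chi-square test and a 3-sigma limit are all assumptions made for illustration.

```python
import math

# Constructed typical-day baseline per period: mean/std of total packets and the
# expected share of four hypothetical traffic classes (assumed, not from the paper).
BASELINE = {
    "night": {"mean": 1000.0, "std": 100.0, "shares": [0.70, 0.20, 0.05, 0.05]},
    "day": {"mean": 20000.0, "std": 1500.0, "shares": [0.40, 0.30, 0.20, 0.10]},
}
CHI2_CRIT = 11.345    # chi-square critical value, 3 degrees of freedom, alpha = 0.01
ENTROPY_DELTA = 0.25  # assumed tolerance on the entropy shift, in bits
SIGMA_LIMIT = 3.0     # control-chart limit, in standard deviations

def entropy(counts):
    """Shannon entropy (bits) of the class distribution."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c > 0)

def chi_square(counts, shares):
    """Pearson goodness-of-fit statistic against the baseline class shares."""
    total = sum(counts)
    return sum((c - total * p) ** 2 / (total * p) for c, p in zip(counts, shares))

def detect(period, counts):
    """Return the detectors that flag this sample, judged against its own period."""
    base = BASELINE[period]
    fired = set()
    if abs(sum(counts) - base["mean"]) > SIGMA_LIMIT * base["std"]:
        fired.add("control_chart")
    if chi_square(counts, base["shares"]) > CHI2_CRIT:
        fired.add("goodness_of_fit")
    if abs(entropy(counts) - entropy(base["shares"])) > ENTROPY_DELTA:
        fired.add("entropy")
    return fired

# Constructed samples: (period, packets per class).
SAMPLES = [
    ("night", [700, 200, 50, 50]),         # matches the baseline
    ("night", [640, 200, 110, 50]),        # same volume, class mix has shifted
    ("day", [14400, 4800, 3200, 1600]),    # increase concentrated in one class
    ("night", [2100, 600, 150, 150]),      # same mix, volume tripled
]

if __name__ == "__main__":
    for period, counts in SAMPLES:
        print(period, counts, sorted(detect(period, counts)))
```

On this constructed data, each detector catches a change that at least one of the others misses, which is the motivation for combining them.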
