The increasing number of network attacks causes growing problems for network operators and users. Thus, detecting anomalous traffic is of primary interest in IP networks management. As it appears clearly, the problem becomes even more challenging when taking into consideration backbone networks that add strict constraints in terms of performance.
In recent years, Principal Component Analysis (PCA) has emerged as a very promising technique for detecting a wide variety of network anomalies. PCA is a dimensionality-reduction technique that allows the reduction of the dataset dimensionality (number of variables), while retaining most of the original variability in the data. The set of the original data is projected onto new axes, called Principal Components (PCs). Each PC has the property that it points in the direction of maximum variance remaining in the data, given the variance already accounted for in the preceding components.
[1]
Benoit Claise,et al.
Cisco Systems NetFlow Services Export Version 9
,
2004,
RFC.
[2]
Christian Callegari,et al.
When randomness improves the anomaly detection performance
,
2010,
2010 3rd International Symposium on Applied Sciences in Biomedical and Communication Technologies (ISABEL 2010).
[3]
Christophe Diot,et al.
Diagnosing network-wide traffic anomalies
,
2004,
SIGCOMM.
[4]
Moses Charikar,et al.
Finding frequent items in data streams
,
2004,
Theor. Comput. Sci..
[5]
Balachander Krishnamurthy,et al.
Sketch-based change detection: methods, evaluation, and applications
,
2003,
IMC '03.
[6]
Mark Crovella,et al.
Characterization of network-wide anomalies in traffic flows
,
2004,
IMC '04.