Show simple item record

dc.contributor.authorLakhina, Anukoolen_US
dc.contributor.authorCrovella, Marken_US
dc.contributor.authorDiot, Christopheen_US
dc.date.accessioned2011-10-20T04:19:14Z
dc.date.available2011-10-20T04:19:14Z
dc.date.issued2004-02-24
dc.identifier.urihttps://hdl.handle.net/2144/1536
dc.description.abstractAnomalies are unusual and significant changes in a network's traffic levels, which can often involve multiple links. Diagnosing anomalies is critical for both network operators and end users. It is a difficult problem because one must extract and interpret anomalous patterns from large amounts of high-dimensional, noisy data. In this paper we propose a general method to diagnose anomalies. This method is based on a separation of the high-dimensional space occupied by a set of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions. We show that this separation can be performed effectively using Principal Component Analysis. Using only simple traffic measurements from links, we study volume anomalies and show that the method can: (1) accurately detect when a volume anomaly is occurring; (2) correctly identify the underlying origin-destination (OD) flow which is the source of the anomaly; and (3) accurately estimate the amount of traffic involved in the anomalous OD flow. We evaluate the method's ability to diagnose (i.e., detect, identify, and quantify) both existing and synthetically injected volume anomalies in real traffic from two backbone networks. Our method consistently diagnoses the largest volume anomalies, and does so with a very low false alarm rate.en_US
dc.description.sponsorshipCentre National de la Recherche Scientifique (CNRS) France; Sprint Labs; National Science Foundation (ANI-9986397, CCR-0325701)en_US
dc.language.isoen_US
dc.publisherBoston University Computer Science Departmenten_US
dc.relation.ispartofseriesBUCS Technical Reports;BUCS-TR-2004-008
dc.titleDiagnosing Network-Wide Traffic Anomaliesen_US
dc.typeTechnical Reporten_US


This item appears in the following Collection(s)

Show simple item record