IEEE/ACM Transactions on Networking, volume 17, issue 3, pages 685-697

Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures

I C Paschalidis ¹

G Smaragdakis ²

Hide authors affiliations Show authors affiliations: 2 affiliations

Center of Information and Systems Engineering, Department of Electrical and Computer Engineering, and Systems Engineering Division, Boston University, Brookline, MA, USA |

Deutsche Telekom Research and Development Laboratories, Berlin, Germany |

Publication type: Journal Article

Publication date: 2009-06-01

Institute of Electrical and Electronics Engineers (IEEE)

Journal: IEEE/ACM Transactions on Networking

SJR: 2.034

CiteScore: 8.2

Impact factor: 3

ISSN: 10636692, 15582566

DOI: 10.1109/tnet.2008.2001468

Copy DOI

Computer Science Applications

Electrical and Electronic Engineering

Computer Networks and Communications

Software

Abstract

We introduce an Internet traffic anomaly detection mechanism based on large deviations results for empirical measures. Using past traffic traces we characterize network traffic during various time-of-day intervals, assuming that it is anomaly-free. We present two different approaches to characterize traffic: (i) a model-free approach based on the method of types and Sanov's theorem, and (ii) a model-based approach modeling traffic using a Markov modulated process. Using these characterizations as a reference we continuously monitor traffic and employ large deviations and decision theory results to ldquocomparerdquo the empirical measure of the monitored traffic with the corresponding reference characterization, thus, identifying traffic anomalies in real-time. Our experimental results show that applying our methodology (even short-lived) anomalies are identified within a small number of observations. Throughout, we compare the two approaches presenting their advantages and disadvantages to identify and classify temporal network anomalies. We also demonstrate how our framework can be used to monitor traffic from multiple network elements in order to identify both spatial and temporal anomalies. We validate our techniques by analyzing real traffic traces with time-stamped anomalies.

Found

Top-30

Journals

Publishers

	2 4 6 8 10 12 14 16 18 20
Institute of Electrical and Electronics Engineers (IEEE)	Institute of Electrical and Electronics Engineers (IEEE), 19, 33.33% Institute of Electrical and Electronics Engineers (IEEE) 19 publications, 33.33%
Elsevier	Elsevier, 10, 17.54% Elsevier 10 publications, 17.54%
Springer Nature	Springer Nature, 4, 7.02% Springer Nature 4 publications, 7.02%
Association for Computing Machinery (ACM)	Association for Computing Machinery (ACM), 2, 3.51% Association for Computing Machinery (ACM) 2 publications, 3.51%
SAGE	SAGE, 2, 3.51% SAGE 2 publications, 3.51%
Institution of Engineering and Technology (IET)	Institution of Engineering and Technology (IET), 1, 1.75% Institution of Engineering and Technology (IET) 1 publication, 1.75%
MDPI	MDPI, 1, 1.75% MDPI 1 publication, 1.75%
Science in China Press	Science in China Press, 1, 1.75% Science in China Press 1 publication, 1.75%
Wiley	Wiley, 1, 1.75% Wiley 1 publication, 1.75%
Hindawi Limited	Hindawi Limited, 1, 1.75% Hindawi Limited 1 publication, 1.75%
Trans Tech Publications	Trans Tech Publications, 1, 1.75% Trans Tech Publications 1 publication, 1.75%
	2 4 6 8 10 12 14 16 18 20

We do not take into account publications without a DOI.
Statistics recalculated only for publications connected to researchers, organizations and labs registered on the platform.
Statistics recalculated weekly.

Are you a researcher?

Create a profile to get free access to personal recommendations for colleagues and new articles.

Metrics

Cite this

GOST |

Cite this

GOST Copy

Paschalidis I. C., Smaragdakis G. Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures // IEEE/ACM Transactions on Networking. 2009. Vol. 17. No. 3. pp. 685-697.

GOST all authors (up to 50) Copy

Paschalidis I. C., Smaragdakis G. Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures // IEEE/ACM Transactions on Networking. 2009. Vol. 17. No. 3. pp. 685-697.

RIS |

Cite this

RIS Copy

TY - JOUR

DO - 10.1109/tnet.2008.2001468

UR - https://doi.org/10.1109/tnet.2008.2001468

TI - Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures

T2 - IEEE/ACM Transactions on Networking

AU - Paschalidis, I C

AU - Smaragdakis, G

PY - 2009

DA - 2009/06/01

PB - Institute of Electrical and Electronics Engineers (IEEE)

SP - 685-697

IS - 3

VL - 17

SN - 1063-6692

SN - 1558-2566

ER -

BibTex |

Cite this

BibTex (up to 50 authors) Copy

@article{2009_Paschalidis,

author = {I C Paschalidis and G Smaragdakis},

title = {Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures},

journal = {IEEE/ACM Transactions on Networking},

year = {2009},

volume = {17},

publisher = {Institute of Electrical and Electronics Engineers (IEEE)},

month = {jun},

url = {https://doi.org/10.1109/tnet.2008.2001468},

number = {3},

pages = {685--697},

doi = {10.1109/tnet.2008.2001468}

}

MLA

Cite this

MLA Copy

Paschalidis, I. C., and G Smaragdakis. “Spatio-Temporal Network Anomaly Detection by Assessing Deviations of Empirical Measures.” IEEE/ACM Transactions on Networking, vol. 17, no. 3, Jun. 2009, pp. 685-697. https://doi.org/10.1109/tnet.2008.2001468.

Found error?

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Journal

IEEE/ACM Transactions on Networking

SJR

2.034

CiteScore

8.2

Impact factor

ISSN

10636692 (Print)

15582566 (Electronic)

	1 2 3 4
IEEE Access	IEEE Access, 4, 7.02% IEEE Access 4 publications, 7.02%
Computer Networks	Computer Networks, 3, 5.26% Computer Networks 3 publications, 5.26%
Statistical Modelling	Statistical Modelling, 2, 3.51% Statistical Modelling 2 publications, 3.51%
Information Sciences	Information Sciences, 2, 3.51% Information Sciences 2 publications, 3.51%
IEEE Transactions on Signal Processing	IEEE Transactions on Signal Processing, 2, 3.51% IEEE Transactions on Signal Processing 2 publications, 3.51%
IEEE Transactions on Control of Network Systems	IEEE Transactions on Control of Network Systems, 2, 3.51% IEEE Transactions on Control of Network Systems 2 publications, 3.51%
Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies	Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies, 1, 1.75% Proceedings of the ACM on Interactive Mobile Wearable and Ubiquitous Technologies 1 publication, 1.75%
ACM Transactions on Sensor Networks	ACM Transactions on Sensor Networks, 1, 1.75% ACM Transactions on Sensor Networks 1 publication, 1.75%
IET Networks	IET Networks, 1, 1.75% IET Networks 1 publication, 1.75%
Entropy	Entropy, 1, 1.75% Entropy 1 publication, 1.75%
Science China Information Sciences	Science China Information Sciences, 1, 1.75% Science China Information Sciences 1 publication, 1.75%
Statistical Methods and Applications	Statistical Methods and Applications, 1, 1.75% Statistical Methods and Applications 1 publication, 1.75%
Journal of Supercomputing	Journal of Supercomputing, 1, 1.75% Journal of Supercomputing 1 publication, 1.75%
Cluster Computing	Cluster Computing, 1, 1.75% Cluster Computing 1 publication, 1.75%
Data Mining and Knowledge Discovery	Data Mining and Knowledge Discovery, 1, 1.75% Data Mining and Knowledge Discovery 1 publication, 1.75%
International Journal of Medical Informatics	International Journal of Medical Informatics, 1, 1.75% International Journal of Medical Informatics 1 publication, 1.75%
Journal of Process Control	Journal of Process Control, 1, 1.75% Journal of Process Control 1 publication, 1.75%
Journal of Network and Computer Applications	Journal of Network and Computer Applications, 1, 1.75% Journal of Network and Computer Applications 1 publication, 1.75%
Expert Systems with Applications	Expert Systems with Applications, 1, 1.75% Expert Systems with Applications 1 publication, 1.75%
Transactions on Emerging Telecommunications Technologies	Transactions on Emerging Telecommunications Technologies, 1, 1.75% Transactions on Emerging Telecommunications Technologies 1 publication, 1.75%
IEEE Transactions on Cybernetics	IEEE Transactions on Cybernetics, 1, 1.75% IEEE Transactions on Cybernetics 1 publication, 1.75%
IEEE Transactions on Network and Service Management	IEEE Transactions on Network and Service Management, 1, 1.75% IEEE Transactions on Network and Service Management 1 publication, 1.75%
IEEE/ACM Transactions on Networking	IEEE/ACM Transactions on Networking, 1, 1.75% IEEE/ACM Transactions on Networking 1 publication, 1.75%
IEEE Transactions on Visualization and Computer Graphics	IEEE Transactions on Visualization and Computer Graphics, 1, 1.75% IEEE Transactions on Visualization and Computer Graphics 1 publication, 1.75%
Proceedings of the IEEE	Proceedings of the IEEE, 1, 1.75% Proceedings of the IEEE 1 publication, 1.75%
IEEE Transactions on Information Theory	IEEE Transactions on Information Theory, 1, 1.75% IEEE Transactions on Information Theory 1 publication, 1.75%
Security and Communication Networks	Security and Communication Networks, 1, 1.75% Security and Communication Networks 1 publication, 1.75%
Applied Mechanics and Materials	Applied Mechanics and Materials, 1, 1.75% Applied Mechanics and Materials 1 publication, 1.75%
Journal of Computational Science	Journal of Computational Science, 1, 1.75% Journal of Computational Science 1 publication, 1.75%
	1 2 3 4