Distributed detection/localization of change-points in high-dimensional network traffic data
- 257 Downloads
We propose a novel approach for distributed statistical detection of change-points in high-volume network traffic. We consider more specifically the task of detecting and identifying the targets of Distributed Denial of Service (DDoS) attacks. The proposed algorithm, called DTopRank, performs distributed network anomaly detection by aggregating the partial information gathered in a set of network monitors. In order to address massive data while limiting the communication overhead within the network, the approach combines record filtering at the monitor level and a nonparametric rank test for doubly censored time series at the central decision site. The performance of the DTopRank algorithm is illustrated both on synthetic data as well as from a traffic trace provided by a major Internet service provider.
KeywordsDistributed detection Change-point detection Rank test Censored data Network anomaly detection
Unable to display preview. Download preview PDF.
- Basseville, M., Nikiforov, I.V.: Detection of Abrupt Changes: Theory and Applications. Prentice Hall, New York (1993) Google Scholar
- Brodsky, B.E., Darkhovsky, B.S.: Nonparametric Methods in Change-Point Problems. Kluwer Academic, Dordrecht (1993) Google Scholar
- Csörgő, M., Horváth, L.: Limit Theorems in Change-Point Analysis. Wiley, New York (1997) Google Scholar
- Erdős, P., Rényi, A.: On random graphs. I. Publ. Math. (Debr.) 6, 290–297 (1959) Google Scholar
- Huang, L., Nguyen, X., Garofalakis, M., Jordan, M.I., Joseph, A., Taft, N.: In-network PCA and anomaly detection. In: Schölkopf, B., Platt, J., Hoffman, T. (eds.) Advances in Neural Information Processing Systems, vol. 19, pp. 617–624. MIT Press, Cambridge (2007) Google Scholar