Download now Free registration required
Traffic anomaly detection using high performance measurement systems offers the possibility of improving the speed of detection and enabling detection of important, short-lived anomalies. In this paper the authors investigate the problem of detecting anomalies using traffic measurements with fine-grained timestamps. They develop a new detection algorithm (Called S3) that utilizes a Bayes Net to efficiently consider multiple input signals and to explicitly define what is considered "Anomalous". The input signals considered by S3 are traffic volumes and correlations between ingress/egress packet and bit rates. These complementary signals enable identification of an expanded range of anomalies.
- Format: PDF
- Size: 177.34 KB