Influence of Data-Reduction Techniques on Traffic Anomaly Detection
Source: Princeton University
Statistical techniques for detecting anomalous traffic can be an invaluable tool for the operators of large IP networks. However, the effectiveness of anomaly-detection schemes is extremely sensitive to the data-reduction methods used to manage the large volume of data and identify the statistical outliers. In this paper, the authors analyze the impact of sampling, temporal aggregation, and IP address anonymization on anomaly detection, focusing on one week of data for the Abilene and GÉANT backbones.