...

In this project we study and investigate network anomaly detection algorithms [1] [2] [3] for Internet paths. We also develop a _Decision Theoretic Approach_ (DTA) based on our observations about the characteristics of the performance measurement statistics obtained from the [IEPM-BW] project.

...

  1. San Diego Supercomputing Center (SDSC) USA,
  2. Oak Ridge National Laboratory (ORNL) USA,
  3. European Organization for Nuclear Research (CERN) Geneva, Switzerland,
  4. Forschungszentrum Karlsruhe (FZK) Germany,
  5. Deutsches Elektronen-Synchrotron (DESY) Germany and
  6. University of Toronto (UTORONTO) Canada.

The topology of the monitoring framework is shown in Figure 1.

Fig. 1: Topology of IEPM as of 07/2008


Data Sets

The data sets used in the study may be downloaded from the links listed below. These data sets were collected by the IEPM-BW project and the latest performance statistics may be accessed from here.

 

|| Site || Raw data || Labeled data ||
| SDSC | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/SDSC-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/SDSC-pathchirp.xls] | [txt|http://www.slac.stanford.edu/~kalim/event-detection/published-data/UTORONTO-pathchirp-labeled-events.txt] |
| CERN | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/CERN-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/CERN-pathchirp.xls] | [txt|http://www.slac.stanford.edu/~kalim/event-detection/published-data/CERN-pathchirp-labeled-events.txt] |
| FZK | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/FZK-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/FZK-pathchirp.xls] | [txt|http://www.slac.stanford.edu/~kalim/event-detection/published-data/FZK-pathchirp-labeled-events.txt] |
| DESY | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/DESY-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/DESY-pathchirp.xls] | [txt|http://www.slac.stanford.edu/~kalim/event-detection/published-data/DESY-pathchirp-labeled-events.txt] |
| UTORONTO | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/UTORONTO-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/UTORONTO-pathchirp.xls] | [txt|http://www.slac.stanford.edu/~kalim/event-detection/published-data/UTORONTO-pathchirp-labeled-events.txt] |
| ORNL | [csv|http://www.slac.stanford.edu/~kalim/event-detection/published-data/ORNL-pathchirp.csv], [xls|http://www.slac.stanford.edu/~kalim/event-detection/published-data/ORNL-pathchirp.xls] | [txt] |

Download the complete data archive: [zip|http://www.slac.stanford.edu/~kalim/event-detection/published-data/published-data.zip] (11 MB) or [7z|http://www.slac.stanford.edu/~kalim/event-detection/published-data/published-data.7z] (7.2 MB).

Labeling

...

and Detection Algorithms

To perform a fair comparison between [1], [2], [3] and the proposed DTA, we devised a labeling algorithm to identify true anomalies in the data sets. This labeled data was then used to determine the accuracy (true-positive rate), the false-positive rate and the detection delay. The labeling algorithm and the decision theoretic approach for real-time anomaly detection are discussed in the research paper. (The paper will be posted soon.)
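
An added illustration of how a detector can be scored on the three metrics named above (not code from the IEPM-BW project or the paper): it compares a detector's alarms with labeled anomaly intervals. The interval label format, the matching rule (an event counts as detected if an alarm falls inside it), the per-sample false-positive rate and the sample values are all assumptions; the paper's exact definitions are not given on this page.

```python
from bisect import bisect_left

def score_detector(alarms, events, n_samples):
    """Score alarm sample indices against labeled anomaly intervals.

    alarms:    sample indices at which the detector raised an alarm
    events:    labeled anomalies as inclusive, non-overlapping
               (start, end) sample indices (assumed label format)
    n_samples: length of the measurement series
    """
    alarms = sorted(set(alarms))
    events = sorted(events)
    delays = []      # one entry per detected event
    matched = set()  # alarms that fall inside some labeled event
    for start, end in events:
        i = bisect_left(alarms, start)  # first alarm at or after the start
        if i < len(alarms) and alarms[i] <= end:
            delays.append(alarms[i] - start)
        while i < len(alarms) and alarms[i] <= end:
            matched.add(alarms[i])
            i += 1
    false_alarms = [a for a in alarms if a not in matched]
    # Samples not covered by any labeled event (assumed FPR denominator).
    normal = n_samples - sum(end - start + 1 for start, end in events)
    return {
        "tpr": len(delays) / len(events) if events else 0.0,
        "fpr": len(false_alarms) / normal if normal else 0.0,
        "mean_delay": sum(delays) / len(delays) if delays else None,
        "missed": len(events) - len(delays),
    }

# Constructed sample: 100 measurements, three labeled anomalies,
# and the alarms of a hypothetical detector.
SAMPLE_EVENTS = [(20, 29), (60, 64), (80, 89)]
SAMPLE_ALARMS = [5, 22, 23, 61, 95]

if __name__ == "__main__":
    print(score_detector(SAMPLE_ALARMS, SAMPLE_EVENTS, 100))
```

Repeated alarms inside one labeled event count once toward the true-positive rate, and only the first of them sets the detection delay, so a detector cannot raise its score by alarming continuously during an anomaly.
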
The labeling algorithm is as follows:

Implementations and Parameter Tuning

...