Overview
Over the last decade, enterprise networks have scaled dramatically in terms of their capacities, sizes, and supported applications and services. Identification of anomalous events in these networks is becoming increasingly challenging for network operators as the anomalies have now become quite diverse, such as: 1) security threats (e.g., port scans, worms and DoS attacks), 2) equipment failures (e.g., end-host failure, link outage), 3) uncharacteristic usage (e.g., flash crowds, high volume flows), 4) uncharacteristic behavior (e.g., misconfigurations, fluttering in traffic routes), etc.