Overview
In this project we study and investigate network anomaly detection algorithms [1] [2] [3] for Internet Paths. We also develop a Decision Theoretic Approach based on our observations about the characteristics of the performance measurements statistics obtained from the IEPM-BW project.
To study and compare the algorithms we use the data sets collected by IEPM-BW starting November 2006 up till March 2008 (approximately 12,000 hours). The Internet paths observed were the links between Stanford Linear Accelerator Center (SLAC) and the following sites:
- San Diego Supercomputing Center (SDSC) USA,
- Oak Ridge National Laboratory (ORNL) USA,
- European Organization for Nuclear Research (CERN) Geneva, Switzerland,
- Forschungszentrum Karlsruhe (FZK) Germany,
- Deutsches Elektronen- Synchrotron (DESY) Germany and
- University of Toronto (UTORONTO) Canada.
Data Sets
The data sets used in the study may be downloaded from the links listed below. Latest performance statistics may be accessed from here.
|
Raw data |
Labeled data |
|---|---|---|
SDSC |
download |
download |
ORNL |
download |
download |
CERN |
download |
download |
FZK |
download |
download |
DESY |
download |
download |
UTORONTO |
download |
download |
Labeling Algorithm
The labeling algorithm is as under:
Implementations and Parameter Tuning
The source code of the implementations and the tuning of parameters is discussed below.
References
- C. Logg, L. Cottrell, and J. Navratil. Experiences in traceroute and available bandwidth change analysis. In NetT '04: Proceedings of the ACM SIGCOMM workshop on Network troubleshooting, pages 247-252. ACM, 2004.
- A. Soule, K. Salamatian, and N. Taft. Combining filtering and statistical methods for anomaly detection. In Internet Measurement Conference (IMC 2005), pages 331-344. USENIX, 2005.
- H. Hajji. Statistical analysis of network traffic for adaptive faults detection. In IEEE Transactions on Neural Networks, pages 1053-1063, 2005.