Overview

In this project we study and investigate network anomaly detection algorithms for Internet Paths. We also develop a Decision Theoretic Approach (DTA) based on our observations regarding the characteristics of the performance-measurement statistics obtained from the IEPM-BW project.

To study and compare the algorithms we use the data sets collected by IEPM-BW spanning approximately 3 years (i.e. 2005 - 2008). The Internet paths observed were the links between Stanford Linear Accelerator Center (SLAC) and the following sites:

  1. University of Toronto, Canada.
  2. Deutsches Elektronen-Synchrotron, Germany.
  3. Forschungszentrum Karlsruhe, Germany.
  4. European Organization for Nuclear Research, Geneva, Switzerland.
  5. San Diego Supercomputing Center, USA.
  6. Switch, Switzerland.
  7. University of Florida, USA.
  8. National Laboratory for Particle and Nuclear Physics, Canada.
  9. Oak Ridge National Laboratory, USA.
  10. Budker Institute of Nuclear Physics, Russia.
  11. Daresbury Laboratory, United Kingdom.
  12. California Institute of Technology - CACR, USA.
  13. Istituto Nazionale di Fisica Nucleare, Italy.
  14. Czech NREN Operator, Czech Republic.
  15. Brookhaven National Laboratory, USA.
  16. Argonne National Laboratory, USA.
  17. California Institute of Technology - Ultralight, USA.

The topology of the monitoring framework is shown in Figure 1.

Fig. 1: Topology of IEPM as of 07/2008

Data Sets

The data sets used in the study may be downloaded from the links listed below. These data sets were collected by the IEPM-BW project.

Table 1: Performance measurement statistics compiled by IEPM, as seen from SLAC.

IEPM, Data Sets with Events: datasets-with-events.rar (3.4 MB), datasets-with-events.zip (3.6 MB)
IEPM, Data Sets with no Events: datasets-with-no-events.rar (3.3 MB), datasets-with-no-events.zip (3.5 MB)

All files named "filename_raw_dataset.pathchirp" contain the raw data, i.e. the available bandwidth measurements along with the timestamps, which are used in all algorithms.
All files named "filename_event_file.txt" contain the list of events identified.

Technical Report - Labeling and Comparative Analysis

The technical report titled "A performance evaluation of anomaly detection algorithms for Internet Paths" is available here.
