

Anomaly Detection using Spatio-Temporal Measures


Syed Azahad, R. Lakshmi Tulasi


Vol. 13  No. 7  pp. 149-154


With the development of network technology and the growing enlargement of network size, network structure is becoming more and more complicated. Mutual interactions of different network equipment, topology configurations, transmission protocols, and cooperation and competition among network users inevitably cause the network traffic flow, which is controlled by several driving factors, to exhibit non-stationary and complicated behavior. Because of this non-stationary property, the complicated network traffic cannot easily be analyzed in the traditional way. We present different approaches to characterize traffic: (i) a model-free approach based on the method of types and Sanov's theorem, (ii) a model-based approach modeling traffic using superstatistics theory, and (iii) another model-based approach using a Markov modulated process. Using these characterizations as a reference, we continuously monitor traffic and employ large deviations and decision theory results to "compare" the empirical measure of the monitored traffic with the corresponding reference characterization, thus identifying traffic anomalies in real time. According to superstatistics theory, a complex dynamic system may have large fluctuations of intensive quantities on large time scales, which cause the system to behave as non-stationary; this is also a characteristic of network traffic. The non-stationary traffic time series is partitioned into small stationary segments, each of which can be modeled by a discrete Generalized Pareto (GP) distribution. Different segments follow GP distributions with different distribution parameters, which are named slow parameters. Throughout, we compare these two approaches, presenting their advantages and disadvantages for identifying and classifying temporal network anomalies. We also demonstrate how our framework can be used to monitor traffic from multiple network elements in order to identify both spatial and temporal anomalies. We validate our techniques by analyzing real traffic traces with time-stamped anomalies.


Large deviations, Markov processes, method of types, superstatistics, Pareto distribution, network traffic.