Anomaly Detection Based on Aggregated Network Behavior Metrics
Network measurement is important to many network management tasks, including traffic anomaly detection. Aggregating packet header information is an effective and efficient way to collect network traffic statistics. We propose a set of aggregated network metrics that may be used to characterize the overall network behaviors. These metrics are generated from packet header based statistics and are stable to normal traffic while sensitive to anomaly. We further apply principal components analysis and information gain analysis to reduce data size. It is evaluated by experiments that the proposed detection system may generate satisfactory classification of network traffic.
network metrics anomaly detection data reduction
Gang Shen Dalong Chen Zhongping Qin
Huazhong University of Science and Technology, Wuhan, China 430074
国际会议
上海
英文
2007-09-21(万方平台首次上网日期,不代表论文的发表时间)