Sciweavers

SIGCOMM
2010
ACM

ASTUTE: detecting a different class of traffic anomalies

14 years 19 days ago
ASTUTE: detecting a different class of traffic anomalies
When many flows are multiplexed on a non-saturated link, their volume changes over short timescales tend to cancel each other out, making the average change across flows close to zero. This equilibrium property holds if the flows are nearly independent, and it is violated by traffic changes caused by several, potentially small, correlated flows. Many traffic anomalies (both malicious and benign) fit this description. Based on this observation, we exploit equilibrium to design a computationally simple detection method for correlated anomalous flows. We compare our new method to two well known techniques on three network links. We manually classify the anomalies detected by the three methods, and discover that our method uncovers a different class of anomalies than previous techniques do. Categories and Subject Descriptors: C.2.3 [Computer-Communication Networks]: Network Operations General Terms: Experimentation, Measurement.
Fernando Silveira, Christophe Diot, Nina Taft, Ram
Added 06 Dec 2010
Updated 06 Dec 2010
Type Conference
Year 2010
Where SIGCOMM
Authors Fernando Silveira, Christophe Diot, Nina Taft, Ramesh Govindan
Comments (0)