Journal article, IEEE/ACM Transactions on Networking, 2012

Anomaly Extraction in Backbone Networks Using Association Rules

Abstract

Anomaly extraction refers to automatically finding, in a large set of flows observed during an anomalous time interval, the flows associated with the anomalous event(s). It is important for root-cause analysis, network forensics, attack mitigation, and anomaly modeling. In this paper, we use meta-data provided by several histogram-based detectors to identify suspicious flows, and then apply association rule mining to find and summarize anomalous flows. Using rich traffic data from a backbone network, we show that our technique effectively finds the flows associated with the anomalous event(s) in all studied cases. In addition, it triggers a very small number of false positives, on average between 2 and 8.5, which exhibit specific patterns and can be trivially sorted out by an administrator. Our anomaly extraction method significantly reduces the work-hours needed for analyzing alarms, making anomaly detection systems more practical.
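The pipeline the abstract describes has two stages: histogram-based detectors report which feature values (a destination port, a source address) made their histograms deviate, that meta-data pre-filters the flows of the anomalous interval down to a suspicious subset, and association rule mining (frequent itemsets over the flows' attribute=value pairs) summarizes that subset into a handful of rules. The following is an added illustration of that two-stage idea, not the authors' code or data: the flow records, the detector meta-data, the minimum support threshold and the choice to report only maximal frequent itemsets are all constructed assumptions for this example.

```python
from collections import Counter
from itertools import combinations

# Constructed sample flows (not real backbone traffic): one host probing
# port 22 on 40 destinations, ordinary web and DNS traffic, and a single
# legitimate SSH session that will survive the pre-filter as a false positive.
FLOWS = (
    [{"srcIP": "10.0.0.5", "dstIP": f"192.0.2.{i}", "srcPort": 40000 + i,
      "dstPort": 22, "proto": "tcp"} for i in range(1, 41)]
    + [{"srcIP": f"198.51.100.{i}", "dstIP": "203.0.113.10", "srcPort": 50000 + i,
        "dstPort": 80, "proto": "tcp"} for i in range(1, 21)]
    + [{"srcIP": f"198.51.100.{i}", "dstIP": "203.0.113.53", "srcPort": 51000 + i,
        "dstPort": 53, "proto": "udp"} for i in range(1, 11)]
    + [{"srcIP": "198.51.100.7", "dstIP": "203.0.113.9", "srcPort": 52000,
        "dstPort": 22, "proto": "tcp"}]
)

# Assumed detector meta-data: for each monitored feature, the values whose
# histogram bins deviated in the anomalous interval (constructed here).
SUSPICIOUS = {"dstPort": {22}, "srcIP": {"10.0.0.5"}}


def prefilter(flows, suspicious):
    """Stage 1: keep the flows carrying at least one flagged feature value."""
    return [f for f in flows
            if any(f[k] in vals for k, vals in suspicious.items())]


def apriori(transactions, min_support):
    """Stage 2: Apriori over (feature, value) items.

    Returns {frozenset(items): support_count} for every itemset whose
    support (number of flows containing all its items) is >= min_support.
    """
    frequent = {}
    counts = Counter(item for t in transactions for item in t)
    current = {frozenset([i]) for i, c in counts.items() if c >= min_support}
    for s in current:
        frequent[s] = counts[next(iter(s))]
    k = 2
    while current:
        # Candidate generation: join frequent (k-1)-sets into k-sets and keep
        # only those whose (k-1)-subsets are all frequent (anti-monotonicity).
        candidates = set()
        for a in current:
            for b in current:
                u = a | b
                if len(u) == k and all(frozenset(c) in current
                                       for c in combinations(u, k - 1)):
                    candidates.add(u)
        counts = Counter()
        for t in transactions:
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        current = {c for c in candidates if counts[c] >= min_support}
        for c in current:
            frequent[c] = counts[c]
        k += 1
    return frequent


def maximal(frequent):
    """Drop itemsets that are proper subsets of another frequent itemset."""
    return {s: c for s, c in frequent.items()
            if not any(s < other for other in frequent)}


def extract(flows, suspicious, min_support):
    """Run both stages; return (summary rules, suspicious flows no rule covers).

    The uncovered flows are what an administrator would sort out by hand.
    """
    suspects = prefilter(flows, suspicious)
    transactions = [frozenset(f.items()) for f in suspects]
    rules = maximal(apriori(transactions, min_support))
    uncovered = [f for f, t in zip(suspects, transactions)
                 if not any(r <= t for r in rules)]
    return rules, uncovered


if __name__ == "__main__":
    rules, uncovered = extract(FLOWS, SUSPICIOUS, min_support=10)
    for items, support in rules.items():
        print(support, " AND ".join(f"{k}={v}" for k, v in sorted(items)))
    print("not covered by any rule:", uncovered)
```

With these inputs the pre-filter keeps 41 flows and the mining collapses them to one rule, srcIP=10.0.0.5 AND dstPort=22 AND proto=tcp with support 40; the lone legitimate SSH flow matches no rule and is left for the administrator, which is the kind of easily dismissed residue the abstract refers to. The minimum support is the knob that trades summary size against coverage: too low and unique fields such as srcPort produce noise, too high and a small anomaly is missed.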
Main file: 06161622.pdf (1.39 MB). Origin: files produced by the author(s).

Dates and versions

hal-00737886 , version 1 (21-11-2012)

Cite

Daniela Brauckhoff, Xenofontas Dimitropoulos, Arno Wagner, Kavé Salamatian. Anomaly Extraction in Backbone Networks Using Association Rules. IEEE/ACM Transactions on Networking, 2012, 20 (6), pp.1788-1799. ⟨10.1109/TNET.2012.2187306⟩. ⟨hal-00737886⟩