Dartmouth College Computer Science
Technical Report series
TR search TR listserv
|By author:||A B C D E F G H I J K L M N O P Q R S T U V W X Y Z|
|By number:||2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986|
Anomaly detection in computer networks yields valuable information on
events relating to the components of a network, their states, the users
in a network and their activities. This thesis provides a unified
distribution-based methodology for online detection of anomalies in
network traffic streams. The methodology is distribution-based in that
it regards the traffic stream as a time series of distributions
(histograms), and monitors metrics of distributions in the time series.
The effectiveness of the methodology is demonstrated in three
application scenarios. First, in 802.11 wireless traffic, we show the
ability to detect certain classes of attacks using the methodology.
Second, in information network update streams (specifically in
Wikipedia) we show the ability to detect the activity of bots, flash
events, and outages, as they occur. Third, in Voice over IP traffic
streams, we show the ability to detect covert channels that exfiltrate
confidential information out of the network. Our experiments show the
high detection rate of the methodology when compared to other existing
methods, while maintaining a low rate of false positives. Furthermore,
we provide algorithmic results that enable efficient and scalable
implementation of the above methodology, to accomodate the massive data
rates observed in modern infomation streams on the Internet.
Through these applications, we present an extensive study of several aspects of the methodology. We analyze the behavior of metrics we consider, providing justification of our choice of those metrics, and how they can be used to diagnose anomalies. We provide insight into the choice of parameters, like window length and threshold, used in anomaly detection.
Ph.D Dissertation. Advisor: Amit Chakrabarti
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Chrisil Arackaparambil, "Anomaly Detection in Network Streams Through a Distributional Lens." Dartmouth Computer Science Technical Report TR2011-707, September 2011.
Notify me about new tech reports.
Search the technical reports.
To receive paper copy of a report, by mail, send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
Technical reports collection maintained by David Kotz.