Traffic anomaly diagnosis in Internet backbone networks: a survey

Research output: Contribution to journal › Journal article › peer-review

Published

Standard

Traffic anomaly diagnosis in Internet backbone networks : a survey. / Marnerides, Angelos; Schaeffer-Filho, Alberto ; Mauthe, Andreas.

In: Computer Networks, Vol. 73, 14.11.2014, p. 224-243.

Author

Marnerides, Angelos ; Schaeffer-Filho, Alberto ; Mauthe, Andreas. / Traffic anomaly diagnosis in Internet backbone networks : a survey. In: Computer Networks. 2014 ; Vol. 73. pp. 224-243.

Bibtex

@article{0b1152eb0fc945eda24017f8efd2a8b9,
title = "Traffic anomaly diagnosis in Internet backbone networks: a survey",
abstract = "Computer networks are becoming increasingly important in supporting business and everyday activities. In particular, the Internet has become part of the critical infrastructure and has a strategic importance in our society and in the digital economy. These developments have led to a highly dynamic network utilization, where traffic fluctuations and seemingly random and anomalous traffic patterns are commonly manifested and hard to diagnose. In order to ensure the protection and resilience of such networks, it is necessary to better analyze and observe network traffic. Thus, anomaly diagnosis aims to discover and characterize critical anomalies affecting the network infrastructure, where the source of these anomalies may be deliberately malicious (e.g. attacks) or unintentional (e.g. failures, misconfigurations or legitimate but abnormal use of the network such as in flash crowds). However, although there is a multitude of algorithms and techniques looking at different elements of the analysis of network traffic anomalies, most research typically focuses on a specific aspect or methodology and there is very little regard for the overall context. This survey aims to present a comprehensive investigation of the current state of the art within the network anomaly diagnosis domain, in particular for Internet backbone networks. We decompose the overall anomaly diagnosis problem spectrum into four main dimensions, namely, processing costs, diagnosis granularity, theoretical methodologies and traffic features. Subsequently the anomaly diagnosis research area is structured further and an overview of the most relevant research is provided by individually reviewing each component of the problem spectrum and proposed solutions with a deeper focus on methodologies and features. Further, we also present and review seminal pieces of work that are considered cornerstones of the anomaly diagnosis research domain.",
keywords = "Internet traffic anomalies, Anomaly detection, Feature selection, Digital signal processing, Information theory, Statistical methods",
author = "Angelos Marnerides and Alberto Schaeffer-Filho and Andreas Mauthe",
year = "2014",
month = nov,
day = "14",
doi = "10.1016/j.comnet.2014.08.007",
language = "English",
volume = "73",
pages = "224--243",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "ELSEVIER SCIENCE BV",

}

RIS

TY - JOUR

T1 - Traffic anomaly diagnosis in Internet backbone networks

T2 - a survey

AU - Marnerides, Angelos

AU - Schaeffer-Filho, Alberto

AU - Mauthe, Andreas

PY - 2014/11/14

Y1 - 2014/11/14

N2 - Computer networks are becoming increasingly important in supporting business and everyday activities. In particular, the Internet has become part of the critical infrastructure and has a strategic importance in our society and in the digital economy. These developments have led to a highly dynamic network utilization, where traffic fluctuations and seemingly random and anomalous traffic patterns are commonly manifested and hard to diagnose. In order to ensure the protection and resilience of such networks, it is necessary to better analyze and observe network traffic. Thus, anomaly diagnosis aims to discover and characterize critical anomalies affecting the network infrastructure, where the source of these anomalies may be deliberately malicious (e.g. attacks) or unintentional (e.g. failures, misconfigurations or legitimate but abnormal use of the network such as in flash crowds). However, although there is a multitude of algorithms and techniques looking at different elements of the analysis of network traffic anomalies, most research typically focuses on a specific aspect or methodology and there is very little regard for the overall context. This survey aims to present a comprehensive investigation of the current state of the art within the network anomaly diagnosis domain, in particular for Internet backbone networks. We decompose the overall anomaly diagnosis problem spectrum into four main dimensions, namely, processing costs, diagnosis granularity, theoretical methodologies and traffic features. Subsequently the anomaly diagnosis research area is structured further and an overview of the most relevant research is provided by individually reviewing each component of the problem spectrum and proposed solutions with a deeper focus on methodologies and features. Further, we also present and review seminal pieces of work that are considered cornerstones of the anomaly diagnosis research domain.

AB - Computer networks are becoming increasingly important in supporting business and everyday activities. In particular, the Internet has become part of the critical infrastructure and has a strategic importance in our society and in the digital economy. These developments have led to a highly dynamic network utilization, where traffic fluctuations and seemingly random and anomalous traffic patterns are commonly manifested and hard to diagnose. In order to ensure the protection and resilience of such networks, it is necessary to better analyze and observe network traffic. Thus, anomaly diagnosis aims to discover and characterize critical anomalies affecting the network infrastructure, where the source of these anomalies may be deliberately malicious (e.g. attacks) or unintentional (e.g. failures, misconfigurations or legitimate but abnormal use of the network such as in flash crowds). However, although there is a multitude of algorithms and techniques looking at different elements of the analysis of network traffic anomalies, most research typically focuses on a specific aspect or methodology and there is very little regard for the overall context. This survey aims to present a comprehensive investigation of the current state of the art within the network anomaly diagnosis domain, in particular for Internet backbone networks. We decompose the overall anomaly diagnosis problem spectrum into four main dimensions, namely, processing costs, diagnosis granularity, theoretical methodologies and traffic features. Subsequently the anomaly diagnosis research area is structured further and an overview of the most relevant research is provided by individually reviewing each component of the problem spectrum and proposed solutions with a deeper focus on methodologies and features. Further, we also present and review seminal pieces of work that are considered cornerstones of the anomaly diagnosis research domain.

KW - Internet traffic anomalies

KW - Anomaly detection

KW - Feature selection

KW - Digital signal processing

KW - Information theory

KW - Statistical methods

U2 - 10.1016/j.comnet.2014.08.007

DO - 10.1016/j.comnet.2014.08.007

M3 - Journal article

VL - 73

SP - 224

EP - 243

JO - Computer Networks

JF - Computer Networks

SN - 1389-1286

ER -