Accession Number:

AD1028093

Title:

Statistical Traffic Anomaly Detection in Time-Varying Communication Networks

Descriptive Note:

Journal Article

Corporate Author:

University of Texas at Austin Austin United States

Personal Author(s):

Report Date:

2015-02-01

Pagination or Media Count:

16.0

Abstract:

We propose two methods for traffic anomaly detection in communication networks where properties of normal traffic evolve dynamically. We formulate the anomaly detection problem as a binary composite hypothesis testing problem and develop a model-free and a model-based method, leveraging techniques from the theory of large deviations. Both methods first extract a family of Probability Laws (PLs) that represent normal traffic patterns during different time periods, and then detect anomalies by assessing deviations of traffic from these laws. We establish the asymptotic Neyman-Pearson optimality of both methods and develop an optimization-based approach for selecting the family of PLs from past traffic data. We validate our methods on networks with two representative time-varying traffic patterns and one common anomaly related to data exfiltration. Simulation results show that our methods perform better than their vanilla counterparts, which assume that normal traffic is stationary.

Subject Categories:

  • Computer Systems Management and Standards
  • Statistics and Probability

Distribution Statement:

APPROVED FOR PUBLIC RELEASE