Statistical Traffic Anomaly Detection in Time Varying Communication Networks
OSTP Journal Article
University of Texas at Austin Austin United States
We propose two methods for traffic anomaly detection in communication networks where the properties of normal traffic evolve dynamically. We formulate the anomaly detection problem as a binary composite hypothesis testing problem and develop a model-free and a model-based method, leveraging techniques from the theory of large deviations. Both methods first extract a family of Probability Laws (PLs) that represent normal traffic patterns during different time periods, and then detect anomalies by assessing deviations of traffic from these laws. We establish the asymptotic Neyman-Pearson optimality of both methods and develop an optimization-based approach for selecting the family of PLs from past traffic data. We validate our methods on networks with two representative time-varying traffic patterns and one common anomaly related to data exfiltration. Simulation results show that our methods perform better than their vanilla counterparts, which assume that normal traffic is stationary.