Accession Number:

AD1037243

Title:

Statistical Traffic Anomaly Detection in Time Varying Communication Networks

Descriptive Note:

OSTP Journal Article

Corporate Author:

University of Texas at Austin Austin United States

Personal Author(s):

Report Date:

2015-02-01

Pagination or Media Count:

16.0

Abstract:

We propose two methods for traffic anomaly detection in communication networks where properties of normal traffic evolve dynamically. We formulate the anomaly detection problem as a binary composite hypothesis testing problem and develop a model-free and a model-based method, leveraging techniques from the theory of large deviations. Both methods first extract a family of Probability Laws (PLs) that represent normal traffic patterns during different time periods, and then detect anomalies by assessing deviations of traffic from these laws. We establish the asymptotic Neyman-Pearson optimality of both methods and develop an optimization-based approach for selecting the family of PLs from past traffic data. We validate our methods on networks with two representative time-varying traffic patterns and one common anomaly related to data exfiltration. Simulation results show that our methods perform better than their vanilla counterparts, which assume that normal traffic is stationary.

Descriptors:

Subject Categories:

Distribution Statement:

APPROVED FOR PUBLIC RELEASE