Statistical Traffic Anomaly Detection in Time Varying Communication Networks

Abstract

We propose two methods for traffic anomaly detection in communication networks where properties of normal traffic evolve dynamically. We formulate the anomaly detection problem as a binary composite hypothesis testing problem and develop a model-free and a model-based method, leveraging techniques from the theory of large deviations. Both methods first extract a family of Probability Laws (PLs) that represent normal traffic patterns during different time periods, and then detect anomalies by assessing deviations of traffic from these laws. We establish the asymptotic Neyman-Pearson optimality of both methods and develop an optimization-based approach for selecting the family of PLs from past traffic data. We validate our methods on networks with two representative time-varying traffic patterns and one common anomaly related to data exfiltration. Simulation results show that our methods perform better than their vanilla counterparts, which assume that normal traffic is stationary.

Document Details

Document Type
Technical Report
Publication Date
Feb 01, 2015
Accession Number
AD1037243

Entities

People

  • Ioannis Ch. Paschalidis
  • Jing Wang

Organizations

  • University of Texas at Austin

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Algorithms
  • Anomaly Detection
  • Change Detection
  • Communication Networks
  • Detection
  • False Alarms
  • Gaussian Distributions
  • Information Operations
  • Markov Chains
  • Network Protocols
  • Networks
  • Normal Distribution
  • Probabilistic Models
  • Probability
  • Random Variables
  • Simulations
  • Stochastic Processes

Fields of Study

  • Computer science

Readers

  • Adaptive Control and Estimation with Uncertainty in Dynamic Systems
  • Computer Networking
  • Mathematical Modeling and Probability Theory