Outlier detection in IP traffic modelled as a link stream using the stability of degree distributions over time

This paper aims at precisely detecting and identifying anomalous events in IP traffic. To this end, we adopt the link stream formalism which properly captures temporal and structural features of the data. Within this framework, we focus on finding anomalous behaviours with respect to the degree of I...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2019-10, Vol.161, p.197-209
Main Authors: Wilmet, Audrey, Viard, Tiphaine, Latapy, Matthieu, Lamarche-Perrin, Robin
Format: Article
Language:English
Subjects:
Anomalies
Data analysis
IP (Internet Protocol)
Outliers (statistics)
Traffic models
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper aims at precisely detecting and identifying anomalous events in IP traffic. To this end, we adopt the link stream formalism which properly captures temporal and structural features of the data. Within this framework, we focus on finding anomalous behaviours with respect to the degree of IP addresses over time, i.e. the number of distinct IP addresses with which they interact over time. Due to diversity in IP profiles, this feature is typically distributed heterogeneously, preventing us to directly find anomalies. To deal with this challenge, we design a method to detect outliers as well as precisely identify their cause in a sequence of similar heterogeneous distributions. We apply it to several IP traffic captures and we show that it succeeds in detecting relevant patterns in terms of anomalous network activity.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2019.07.002