Network Volume Anomaly Detection and Identification in Large-Scale Networks Based on Online Time-Structured Traffic Tensor Tracking

This paper addresses network anomography, that is, the problem of inferring network-level anomalies from indirect link measurements. This problem is cast as a low-rank subspace tracking problem for normal flows under incomplete observations and an outlier detection problem for abnormal flows. Since...

Full description

Saved in:
Bibliographic Details
Published in:IEEE eTransactions on network and service management Vol. 13; no. 3; pp. 636 - 650
Main Authors: Kasai, Hiroyuki, Kellerer, Wolfgang, Kleinsteuber, Martin
Format: Journal Article
Language:English
Published: New York IEEE 01.09.2016
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Algorithms
anomaly detection and identification
Approximation algorithms
Convergence
flow matrix estimation
Matrix decomposition
online subspace tracking
outlier detection
Robustness
Tensile stress
Time measurement
traffic tensor tracking
Traffic volume anomaly
Volume measurement
ISSN:1932-4537, 1932-4537
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper addresses network anomography, that is, the problem of inferring network-level anomalies from indirect link measurements. This problem is cast as a low-rank subspace tracking problem for normal flows under incomplete observations and an outlier detection problem for abnormal flows. Since traffic data is large-scale time-structured data accompanied with noise and outliers under partial observations, an efficient modeling method is essential. To this end, this paper proposes an online subspace tracking of a Hankelized time-structured traffic tensor for normal flows based on the Candecomp/PARAFAC decomposition exploiting the recursive least squares algorithm. We estimate abnormal flows as outlier sparse flows via sparsity maximization in the underlying under-constrained linear-inverse problem. A major advantage is that our algorithm estimates normal flows by low-dimensional matrices with time-directional features as well as the spatial correlation of multiple links without using the past observed measurements and the past model parameters. Extensive numerical evaluations show that the proposed algorithm achieves faster convergence per iteration of model approximation and better volume anomaly detection performance compared to state-of-the-art algorithms.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1932-4537
1932-4537
DOI:10.1109/TNSM.2016.2598788