Network Volume Anomaly Detection and Identification in Large-Scale Networks Based on Online Time-Structured Traffic Tensor Tracking

This paper addresses network anomography, that is, the problem of inferring network-level anomalies from indirect link measurements. This problem is cast as a low-rank subspace tracking problem for normal flows under incomplete observations and an outlier detection problem for abnormal flows. Since...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE eTransactions on network and service management Ročník 13; číslo 3; s. 636 - 650
Hlavní autoři: Kasai, Hiroyuki, Kellerer, Wolfgang, Kleinsteuber, Martin
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York IEEE 01.09.2016
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Algorithms
anomaly detection and identification
Approximation algorithms
Convergence
flow matrix estimation
Matrix decomposition
online subspace tracking
outlier detection
Robustness
Tensile stress
Time measurement
traffic tensor tracking
Traffic volume anomaly
Volume measurement
ISSN:1932-4537, 1932-4537
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This paper addresses network anomography, that is, the problem of inferring network-level anomalies from indirect link measurements. This problem is cast as a low-rank subspace tracking problem for normal flows under incomplete observations and an outlier detection problem for abnormal flows. Since traffic data is large-scale time-structured data accompanied with noise and outliers under partial observations, an efficient modeling method is essential. To this end, this paper proposes an online subspace tracking of a Hankelized time-structured traffic tensor for normal flows based on the Candecomp/PARAFAC decomposition exploiting the recursive least squares algorithm. We estimate abnormal flows as outlier sparse flows via sparsity maximization in the underlying under-constrained linear-inverse problem. A major advantage is that our algorithm estimates normal flows by low-dimensional matrices with time-directional features as well as the spatial correlation of multiple links without using the past observed measurements and the past model parameters. Extensive numerical evaluations show that the proposed algorithm achieves faster convergence per iteration of model approximation and better volume anomaly detection performance compared to state-of-the-art algorithms.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1932-4537
1932-4537
DOI:10.1109/TNSM.2016.2598788