Anomaly Detection in IP Networks

Description | Publications | People | Collaborators | Funding

Description

Statistical techniques for detecting anomalous events can be an invaluable tool for the operators of large IP networks. In this project, we explore the use of statistical techniques, such as wavelets, Principal Component Analysis, and Kalman-based filters, in automatically detecting and diagnosing anomalies. The research draws on analyzing large volumes of traffic and routing data collected from many vantage points.

Publications

Haakon Ringberg, Augustin Soule, Jennifer Rexford, and Christophe Diot, "Sensitivity of PCA for traffic anomaly detection," to appear in Proc. ACM SIGMETRICS, June 2007.

Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, and Christophe Diot, "Detectability of traffic anomalies in two adjacent networks," in Proc. Passive and Active Measurement Conference, April 2007 (Augustin's slides).

Jian Zhang, Jennifer Rexford, and Joan Feigenbaum, "Learning-based anomaly detection in BGP updates," Proc. ACM SIGCOMM MineNet workshop, August 2005 (Jian's slides). A longer version is available as Yale University Technical Report YALEU/DCS/TR-1318, April 2005.

People

Collaborators

Christophe Diot (Thomson)
Augustin Soule (Thomson)
Joan Feigenbaum (Yale), co-PI on HSARPA project

Funding

The research on BGP anomaly detection is part of the project on "Incrementally Deployable Secure Interdomain Routing" funded by HSARPA. The research on detecting traffic anomalies is partially funded by Thomson Technology Paris Lab.