Type: Conference paper
Title: Use of a cepstral information norm for anomaly detection in a BGP-inferred internet
Author: Chiera, B.; Kraetzl, M.; Roughan, M.; White, L.
Citation: Australian Communication Theory Workshop Proceedings 2007 / pp.116-121
Publisher: IEEE
Publisher Place: CDROM
Issue Date: 2007
ISBN: 1424407419
Conference Name: Australian Communication Theory Workshop (8th : 2007 : Adelaide, Australia)
Editor: Chiera, B.
Statement of Responsibility: Belinda A. Chiera, Miro Kraetzl, Matthew Roughan and Langford B. White
Abstract: In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid real-time analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes the SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events.
Keywords: Cepstral information norm; mutual information; Kalman filter; subspace-based model-free; anomaly detection
Rights: © 2007 The Pennsylvania State University
Appears in Collections: Aurora harvest 6; Electrical and Electronic Engineering publications