Use of a cepstral information norm for anomaly detection in a BGP-inferred interent

Chiera, B.; Kraetzl, M.; Roughan, M.; White, L.

Please use this identifier to cite or link to this item: https://hdl.handle.net/2440/44790

Type:	Conference paper
Title:	Use of a cepstral information norm for anomaly detection in a BGP-inferred interent
Author:	Chiera, B. Kraetzl, M. Roughan, M. White, L.
Citation:	Australian Communication Theory Workshop Proceedings 2007 / pp.116-121
Publisher:	IEEE
Publisher Place:	CDROM
Issue Date:	2007
ISBN:	1424407419 9781424407415
Conference Name:	Australian Communication Theory Workshop (8th : 2007 : Adelaide, Australia)
Editor:	Chiera, B.
Statement of Responsibility:	Belinda A. Chiera, Miro Kraetzl, Matthew Roughan and Langford B. White
Abstract:	In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid realtime analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes The SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events.
Keywords:	Cepstral information norm mutual information Kalman filter subspace-based model-free anomaly detection
Rights:	© 2007 The Pennsylvania State University
Published version:	http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.5397
Appears in Collections:	Aurora harvest 6 Electrical and Electronic Engineering publications

Files in This Item:

There are no files associated with this item.

Show full item record

Adelaide Research & Scholarship