Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/44790
Type: | Conference paper |
Title: | Use of a cepstral information norm for anomaly detection in a BGP-inferred interent |
Author: | Chiera, B. Kraetzl, M. Roughan, M. White, L. |
Citation: | Australian Communication Theory Workshop Proceedings 2007 / pp.116-121 |
Publisher: | IEEE |
Publisher Place: | CDROM |
Issue Date: | 2007 |
ISBN: | 1424407419 9781424407415 |
Conference Name: | Australian Communication Theory Workshop (8th : 2007 : Adelaide, Australia) |
Editor: | Chiera, B. |
Statement of Responsibility: | Belinda A. Chiera, Miro Kraetzl, Matthew Roughan and Langford B. White |
Abstract: | In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid realtime analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes The SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events. |
Keywords: | Cepstral information norm mutual information Kalman filter subspace-based model-free anomaly detection |
Rights: | © 2007 The Pennsylvania State University |
Published version: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.5397 |
Appears in Collections: | Aurora harvest 6 Electrical and Electronic Engineering publications |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.