Use of a cepstral information norm for anomaly detection in a BGP-inferred Internet
Date
2007
Authors
Chiera, B.
Kraetzl, M.
Roughan, M.
White, L.
Editors
Chiera, B.
Type
Conference paper
Citation
Australian Communication Theory Workshop Proceedings 2007 / pp.116-121
Statement of Responsibility
Belinda A. Chiera, Miro Kraetzl, Matthew Roughan and Langford B. White
Conference Name
Australian Communication Theory Workshop (8th : 2007 : Adelaide, Australia)
Abstract
In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid real-time analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes the SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events.
Rights
© 2007 The Pennsylvania State University