Use of a cepstral information norm for anomaly detection in a BGP-inferred Internet
| dc.contributor.author | Chiera, B. | |
| dc.contributor.author | Kraetzl, M. | |
| dc.contributor.author | Roughan, M. | |
| dc.contributor.author | White, L. | |
| dc.contributor.conference | Australian Communication Theory Workshop (8th : 2007 : Adelaide, Australia) | |
| dc.contributor.editor | Chiera, B. | |
| dc.date.issued | 2007 | |
| dc.description.abstract | In this paper we use a particular type of mutual information norm — the cepstral information norm — for anomaly detection at the router level in the Internet. We combine the cepstral norm with a state space Kalman filter to define two distance metrics to capture anomalous behaviour. These metrics are implemented using a subspace-based model-free paradigm to aid real-time analysis. We infer a top level Internet topology using Border Gateway Protocol router updates and characterise the structural evolution of the network using a selection of graph metrics. Analysis over one week of non time-homogeneous updates, which includes the SQL Slammer worm event, shows the combined use of the two cepstral distance metrics detects the occurrence and severity of anomalous network events. | |
| dc.description.statementofresponsibility | Belinda A. Chiera, Miro Kraetzl, Matthew Roughan and Langford B. White | |
| dc.identifier.citation | Australian Communication Theory Workshop Proceedings 2007 / pp.116-121 | |
| dc.identifier.isbn | 1424407419 | |
| dc.identifier.orcid | Roughan, M. [0000-0002-7882-7329] | |
| dc.identifier.orcid | White, L. [0000-0001-6660-0517] | |
| dc.identifier.uri | http://hdl.handle.net/2440/44790 | |
| dc.language.iso | en | |
| dc.publisher | IEEE | |
| dc.publisher.place | CDROM | |
| dc.rights | © 2007 The Pennsylvania State University | |
| dc.source.uri | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.71.5397 | |
| dc.subject | Cepstral information norm | |
| dc.subject | mutual information | |
| dc.subject | Kalman filter | |
| dc.subject | subspace-based model-free | |
| dc.subject | anomaly detection | |
| dc.title | Use of a cepstral information norm for anomaly detection in a BGP-inferred Internet | |
| dc.type | Conference paper | |
| pubs.publication-status | Published |