NORMA eResearch @NCI Library

SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis

Abdelkefi, Atef, Jiang, Yuming and Sharma, Sachin (2019) SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis. In: 2018 2nd Cyber Security in Networking Conference (CSNet). IEEE, p. 8602689. ISBN 9781538670453

Full text not available from this repository.
Official URL: http://dx.doi.org/10.1109/CSNET.2018.8602689

Abstract

In this paper, we propose a novel approach, called SENATUS, for joint anomaly detection and root-cause analysis. Inspired by the concept of a senate, the key idea of the proposed approach is divided into three stages: election, voting and decision. At the election stage, a small number of traffic flow sets (termed senator flows) are chosen based on the K-sparse approximation technique, which can be used to represent approximately the total (usually huge) set of traffic flows. In the voting stage, Principal Component Pursuit (PCP) analysis is used for anomaly detection on the senator flows. In addition, the detected anomalies are correlated across traffic features to identify the most likely anomalous time bins. Finally, in the decision stage, a machine learning (ML) technique is applied to the senator flows of anomalous time bins to find the root cause of the anomalies. The performance of SENATUS is evaluated using real traffic traces collected from a pan-European network, GEANT, and compared against another approach which detects anomalies using lossless compression of traffic histograms. The evaluation shows that SENATUS has higher effectiveness in diagnosing traffic anomalies.

Item Type: Book Section
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science

Q Science > QA Mathematics > Computer software
T Technology > T Technology (General) > Information Technology > Computer software

Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Staff Research and Publications
Depositing User: CAOIMHE NI MHAICIN
Date Deposited: 30 Oct 2019 10:21
Last Modified: 30 Oct 2019 10:21
URI: http://trap.ncirl.ie/id/eprint/4074
