Abstract:
The AMON (All Packet MONitoring) platform generates multi-gigabit network traffic streams that contain Internet packet header information. Network engineers are interested in using this information to detect anomalous activities, such as distributed denial of service attacks, at all network locations. However, when the data under monitoring is streamed in ultra-high volume, (1) one faces tremendous storage and computational challenges; (2) the number of processes under monitoring is much larger than in the contexts of traditional engineering process control; (3) auto-correlation and nonstationarity also pose difficulties for existing methods. These three challenges, the first computational and the second and third statistical, are addressed with our tools here. We present a principal component-based on-line statistical methodology for anomaly detection on high-throughput, high-dimensional, and auto-correlated data streams. We then present results of the method when applied to both synthetic and real data generated by AMON.