Show simple item record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Abdelkefi, Atef | |
| dc.contributor.author | Jiang, Yuming | |
| dc.contributor.author | Sharma, Sachin | |
| dc.date.accessioned | 2019-04-05T12:19:02Z | |
| dc.date.available | 2019-04-05T12:19:02Z | |
| dc.date.created | 2019-01-16T09:51:36Z | |
| dc.date.issued | 2018 | |
| dc.identifier.isbn | 978-1-5386-7045-3 | |
| dc.identifier.uri | http://hdl.handle.net/11250/2593539 | |
| dc.description.abstract | In this paper, we propose a novel approach, called SENATUS, for joint anomaly detection and root-cause analysis. Inspired from the concept of a senate, the key idea of the proposed approach is divided into three stages: election, voting and decision. At the election stage, a small number of traffic flow sets (termed as senator flows) are chosen based on the K-sparse approximation technique, which can be used to represent approximately the total (usually huge) set of traffic flows. In the voting stage, Principal Component Pursuit (PCP) analysis is used for anomaly detection on the senator flows. In addition, the detected anomalies are correlated across traffic features to identify the most possible anomalous time bins. Finally, in the decision stage, a machine learning (ML) technique is applied to the senator flows of anomalous time bins to find the root cause of the anomalies. The performance of SENATUS is evaluated using real traffic traces collected from a Pan European network, GEANT, and compared against another approach which detects anomalies using lossless compression of traffic histograms. The evaluation shows that SENATUS has higher effectiveness in diagnosing traffic anomalies. | nb_NO |
| dc.language.iso | eng | nb_NO |
| dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | nb_NO |
| dc.relation.ispartof | 2018 2nd Cyber Security in Networking Conference (CSNet) | |
| dc.title | SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis | nb_NO |
| dc.type | Chapter | nb_NO |
| dc.description.version | acceptedVersion | nb_NO |
| dc.source.pagenumber | 1-8 | nb_NO |
| dc.identifier.doi | 10.1109/CSNET.2018.8602689 | |
| dc.identifier.cristin | 1657886 | |
| dc.description.localcode | © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | nb_NO |
| cristin.unitcode | 194,63,30,0 | |
| cristin.unitname | Institutt for informasjonssikkerhet og kommunikasjonsteknologi | |
| cristin.ispublished | true | |
| cristin.fulltext | preprint | |
| cristin.qualitycode | 1 | |

