BibTeX Entry

  author	= {Li, Xin and Bian, Fang and Crovella, Mark and Diot, Christophe and Govindan, Ramesh and Iannaccone, Gianluca},
  title		= {Detection and Identification of Network Anomalies Using Sketch Subspaces},
  booktitle	= {Proceedings of the ACM/SIGCOMM Internet Measurement Conference},
  pages		= {147--152},
  month		= oct,
  year		= {2006},
  URL		= {},
  abstract	= {Network anomaly detection using dimensionality reduction techniques has received much recent attention in the literature. For example, previous work has aggregated netflow records into origin-destination (OD) flows, yielding a much smaller set of dimensions which can then be mined to uncover anomalies. However, this approach can only identify which OD flow is anomalous, not the particular IP flow(s) responsible for the anomaly. In this paper we show how one can use random aggregations of IP flows (i.e., sketches) to enable more precise identification of the underlying causes of anomalies. We show how to combine traffic sketches with a subspace method to (1) detect anomalies with high accuracy and (2) identify the IP flow(s) that are responsible for the anomaly. Our method has detection rates comparable to previous methods and detects many more anomalies than prior work, taking us a step closer towards a robust on-line system for anomaly detection and identification.}