Multiple network anomaly detection methods have been proposed to deal with rapidly increasing attacks and network disruptions. Hierarchical heavy hitter (HHH) analysis is well studied, but it still has difficulty identifying more specifically targeted anomalies, which tend to be small in volume and are thus buried in the overall traffic. To resolve this issue, this paper proposes a new two-stage traffic aggregation method: first screening the target application's traffic, and then applying HHH analysis to the classified traffic. Characterizing normal traffic behavior per application through the HHH lattice facilitates the detection of anomalies even at small traffic volumes. Our preliminary evaluation reveals that the proposed method has an advantage over existing methods in detecting anomalies effectively. We plan to further investigate the anomaly detection capability of the proposed method on various traffic data.
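The two-stage idea can be illustrated with the following added example, which is not the paper's code. It assumes port-based screening as the application classifier, a one-dimensional source-prefix hierarchy (/32, /24, /16, /8) in place of the paper's HHH lattice, a threshold fraction `phi`, and constructed sample flows.

```python
from collections import Counter
from ipaddress import ip_network

LEVELS = (32, 24, 16, 8)  # assumed 1-D source-prefix hierarchy, leaf first

def screen(flows, dst_port):
    """Stage 1 (assumed port-based classifier): keep one application's flows."""
    return [(src, nbytes) for src, port, nbytes in flows if port == dst_port]

def hhh(flows, phi):
    """Stage 2: discounted HHH over (src_ip, bytes) pairs.
    A prefix is reported when its volume, excluding descendants already
    reported, reaches phi * total; reported volume is not rolled up further."""
    threshold = phi * sum(nbytes for _, nbytes in flows)
    residual = Counter()
    for src, nbytes in flows:
        residual[ip_network(f"{src}/32")] += nbytes
    found = {}
    for plen in LEVELS:
        rolled = Counter()
        for net, nbytes in residual.items():
            rolled[net.supernet(new_prefix=plen)] += nbytes
        residual = Counter()
        for net, nbytes in rolled.items():
            if nbytes >= threshold:
                found[str(net)] = nbytes   # report as HHH
            else:
                residual[net] = nbytes     # pass unreported volume to the parent
    return found

# Constructed sample flows: (src_ip, dst_port, bytes)
FLOWS = (
    [(f"10.1.{i}.1", 443, 50_000) for i in range(20)]   # bulk web traffic
    + [(f"10.2.{i}.1", 53, 300) for i in range(10)]     # ordinary DNS clients
    + [(f"10.9.9.{i}", 53, 500) for i in range(1, 21)]  # small DNS burst from one /24
)

def compare(phi=0.05):
    """HHH over all traffic versus HHH over screened DNS traffic only."""
    aggregate = hhh([(s, b) for s, _, b in FLOWS], phi)
    dns_only = hhh(screen(FLOWS, 53), phi)
    return aggregate, dns_only

if __name__ == "__main__":
    for name, result in zip(("all traffic", "DNS only"), compare()):
        print(name, result)
```

In the aggregate view the DNS burst from 10.9.9.0/24 stays below the threshold and never surfaces; after screening it becomes a heavy hitter alongside the ordinary DNS client prefix.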