Multi-Resolution Anomaly Detection for the Internet

L. Zhang, Z. Zhu, K. Jeffay, S. Marron, F.D. Smith
Proceedings of the IEEE Workshop on Network Management
Phoenix, AZ, April 2008

ABSTRACT: In the context of Internet traffic anomaly detection, we will show that some outliers in a time series can be difficult to detect at one scale while they are easy to find at another scale. In this paper, we develop an outlier detection method for a time series with long range dependence, and conclude that testing outliers at multiple time scales helps to reveal them. We present a Multi-Resolution Anomaly Detection (MRAD) procedure for detecting network anomalies. We show that the MRAD method is useful, especially when outliers appear as a slight local mean level shift with a rather long duration, e.g., as generated by a port scan. A novel MRAD outlier map is proposed to visualize the location of the outliers, and also to suggest the significance probabilities (p values) for them.
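The abstract's central claim, that a slight but long-lasting mean level shift is hard to see at one time scale and easy at another, is illustrated by the added example below. It is not the paper's MRAD procedure or the authors' code. It assumes independent Gaussian noise instead of long-range-dependent traffic, a constructed series, and a simple median/MAD z-score test; all function names and parameters are hypothetical.

```python
import math
import random
import statistics

def block_means(series, scale):
    """Aggregate the series into non-overlapping windows of `scale` samples."""
    return [statistics.fmean(series[i:i + scale])
            for i in range(0, len(series) - scale + 1, scale)]

def detect(series, scale, z_thresh=4.0):
    """Return (start, end, z, p) for windows whose mean is an outlier at this scale."""
    means = block_means(series, scale)
    center = statistics.median(means)
    # Robust spread: MAD rescaled to match the standard deviation of Gaussian data.
    spread = 1.4826 * statistics.median(abs(m - center) for m in means)
    hits = []
    for k, m in enumerate(means):
        z = (m - center) / spread
        if abs(z) > z_thresh:
            p = math.erfc(abs(z) / math.sqrt(2))  # two-sided Gaussian p value
            hits.append((k * scale, (k + 1) * scale, z, p))
    return hits

def recall(hits, lo, hi):
    """Fraction of the samples in [lo, hi) covered by flagged windows."""
    covered = sum(max(0, min(e, hi) - max(s, lo)) for s, e, _, _ in hits)
    return covered / (hi - lo)

def make_series(n=16384, lo=8192, hi=9216, shift=0.75, seed=7):
    """Constructed data: unit-variance noise plus a small, long mean level shift."""
    rng = random.Random(seed)
    return [rng.gauss(0, 1) + (shift if lo <= i < hi else 0.0) for i in range(n)]

def recall_by_scale(scales=(1, 16, 256), lo=8192, hi=9216):
    """Run the same test at several aggregation scales on the constructed series."""
    series = make_series(lo=lo, hi=hi)
    return {s: recall(detect(series, s), lo, hi) for s in scales}

if __name__ == "__main__":
    for scale, r in recall_by_scale().items():
        print(f"scale={scale:4d}  fraction of shifted interval flagged={r:.3f}")
```

Under long-range dependence the variance of window means decays more slowly with the window size than it does here, so the gain from aggregation on real traffic is smaller than this independent-noise sketch suggests.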
