An Efficient Detection Technique for Optimization of Network Traffic


Rajesh Kumar Ahirwar
Rakesh Kumar Vishwakarma, Sachin Sohra


Network operators often need to deal with events that compromise their networks. One approach to find these events is to monitor the aggregate traffic in one or several network links and then look for significant deviations from some statistical model of normal behavior. This problem, known as traffic anomaly diagnosis, involves two steps: anomaly detection and root cause analysis. Anomaly detection methods first have to define what constitutes normal traffic behavior. Given the large variability in Internet traffic behavior, current techniques learn their parametric models from traces that are assumed to contain no anomalies. Besides the computational overhead of periodically re-training the model, real traces are never guaranteed to be anomaly-free; anomalies in the training data can contaminate the detector’s definition of normal traffic behavior. Another problem with current anomaly detectors is that, by aggregating traffic before detection, they lose information about which specific flows cause the anomaly. Root cause analysis is the process of recovering this information by going back to the original traffic traces and looking for events that could explain the alarm. Currently, there are few automated techniques that can help with root cause analysis; operators often rely on ad-hoc manual procedures, which are both time-consuming and error-prone. In a large network with hundreds of links, the number of events that can trigger alarms may easily overload the Network Operations Center, making anomaly detection tools useless. In this thesis we design an anomaly diagnosis system (i.e., detection and root cause analysis) that exposes a broad range of anomalies and automatically explains their causes. First, we design an anomaly detection method that uses a non-parametric model of normal traffic behavior, and thus is simple to compute and immune to data contamination. It also makes it easier to identify the flows responsible for an anomaly.
Second, we propose a technique that automates the root cause analysis step by identifying the anomalous traffic and classifying it according to the type of root cause event. Our results can correctly diagnose anomalies caused by a variety of events and also expose a different class of traffic anomalies when compared to previously proposed detection methods.


Keywords: Wireless Network, Multipath routing, Anomaly Detection.

