Non-linear Regression for Bivariate Sef-similarity Identification - Application to Anomaly Detection in Internet Traffic Based on a Joint Scaling Analysis of Packet and Byte Counts

J. Frecon, R. Fontugne, G. Didier, N. Pustelnik, K. Fukuda and P. Abry
International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2016


Internet traffic monitoring is a crucial task for network security. Self-similarity, a key property for a relevant description of internet traffic statistics, has already been massively and successfully involved in anomaly detection. Self-similar analysis was however so far applied either to byte or Packet count time series independently, while both signals are jointly collected and technically deeply related. The present contribution elaborates on a recently proposed multivariate self-similar model, Operator fractional Brownian Motion (OfBm), to analyze jointly self-similarity in bytes and packets. A non-linear regression procedure, based on an original Branch & Bound resolution procedure, is devised for the full identification of bivariate OfBm. The estimation performance is assessed by means of Monte Carlo simulations. Further, an Internet traffic anomaly detection procedure is proposed, that makes use of the vector of Hurst exponents underlying the OfBm based Internet data modeling. Applied to a large set of high quality and modern Internet data from the MAWI repository, proof-of-concept results in anomaly detection are detailed and discussed.


PDF   BibTex   DOI   Toolbox