| 发明名称 | Method and apparatus for whole-network anomaly diagnosis and method to detect and classify network anomalies using traffic feature distributions | ||
| 摘要 | To improve network reliability and management in today's high-speed communication networks, we propose an intelligent system using adaptive statistical approaches. The system learns the normal behavior of the network. Deviations from the norm are detected and the information is combined in the probabilistic framework of a Bayesian network. The proposed system is thereby able to detect unknown or unseen faults. As demonstrated on real network data, this method can detect abnormal behavior before a fault actually occurs, giving the network management system (human or automated) the ability to avoid a potentially serious problem. | ||
| 申请公布号 | US8869276(B2) | 申请公布日期 | 2014.10.21 |
| 申请号 | US200611988056 | 申请日期 | 2006.06.29 |
| 申请人 | Trustees of Boston University | 发明人 | Crovella Mark;Lakhina Anukool |
| 分类号 | G06F12/14;G06F17/00;H04L29/06;H04L9/32;H04L12/26;H04L12/24 | 主分类号 | G06F12/14 |
| 代理机构 | Bingham McCutchen LLP | 代理人 | Bingham McCutchen LLP |
| 主权项 | 1. A method for detecting anomalies in network traffic, the method comprising: during at least one training interval, collecting network traffic data comprising data from N network sources at a plurality of time periods t, where N>1; assigning, by a processor, the network traffic data collected during the at least one training interval from the N network sources to dimensions of an r-dimensional subspace, wherein 0<r≦N and each of the dimensions r corresponds to a degree of variance of the data along an orthogonal dimension of the r-dimensional subspace; computationally analyzing the r-dimensional subspace to identify dimensions corresponding to a normal subspace S1 thereof, the dimensions of the normal subspace S1 containing only data corresponding to normal network traffic of the network traffic data collected during the at least one training interval; computationally defining an anomalous subspace S2 by removing dimensions corresponding to the normal subspace S1 from dimensions corresponding to the r-dimensional subspace, the anomalous subspace S2 representing behavior of anomalous network traffic in the network traffic data; during an operational time interval, receiving network data traffic and computationally projecting the network traffic data received during the operational time interval onto the anomalous subspace S2 to create a projection representing a degree of anomalous variation in the received network data traffic; and based on the projection, classifying the network traffic data received during the operational time interval as anomalous if the degree of anomalous variation exceeds a threshold. | ||
| 地址 | Boston MA US | ||