Abstract
We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.
Original language | English (US) |
---|---|
Pages (from-to) | 326-327 |
Number of pages | 2 |
Journal | Performance Evaluation Review |
Volume | 29 |
Issue number | 1 |
DOIs | |
State | Published - 2001 |
Externally published | Yes |
Event | Joint International Conference on Measurement and Modeling of Computer Systems - Cambridge, MA, United States Duration: Jun 16 2001 → Jun 20 2001 |
Keywords
- SNMP-based load characterization
- Variance estimation
- VoIP traffic anomaly detection
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Computer Networks and Communications