Anomaly Characterization in Flow-Based Traffic Time Series

Anna Sperotto, Ramin Sadre, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    18 Citations (Scopus)
    6 Downloads (Pure)


    The increasing number of network attacks causes growing problems for network operators and users. Not only do these attacks pose direct security threats to our infrastructure, but they may also lead to service degradation, due to the massive traffic volume variations that are possible during such attacks. The recent spread of Gbps network technology made the problem of detecting these attacks harder, since existing packet-based monitoring and intrusion detection systems do not scale well to Gigabit speeds. Therefore the attention of the scientific community is shifting towards the possible use of aggregated traffic metrics. The goal of this paper is to investigate how malicious traffic can be characterized on the basis of such aggregated metrics, in particular by using flow, packet and byte frequency variations over time. The contribution of this paper is that it shows, based on a number of real case studies on high-speed networks, that all three metrics may be necessary for proper time series anomaly characterization.
    Original languageEnglish
    Title of host publicationIP Operations and Management
    Subtitle of host publication8th IEEE International Workshop, IPOM 2008, Samos Island, Greece, September 22-26, 2008. Proceedings
    EditorsNail Akar, Michal Pioro, Charalabos Skianis
    Place of PublicationBerlin
    Number of pages13
    ISBN (Electronic)978-3-540-87357-0
    ISBN (Print)978-3-540-87356-3
    Publication statusPublished - 25 Sep 2008
    Event8th IEEE International Workshop on IP Operations and Management, IPOM 2008 - Samos, Greece
    Duration: 22 Sep 200826 Sep 2008
    Conference number: 8

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)1611-3349
    ISSN (Electronic)1611-3349


    Workshop8th IEEE International Workshop on IP Operations and Management, IPOM 2008
    Abbreviated titleIPOM


    • EWI-13579
    • IR-62480
    • METIS-251219


    Dive into the research topics of 'Anomaly Characterization in Flow-Based Traffic Time Series'. Together they form a unique fingerprint.

    Cite this