Load characterization, overload prediction, and anomaly detection for voice over IP traffic

Michel Mandjes, Iraj Saniee, Alexander Stolyar

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

16 Downloads (Pure)

Abstract

We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.
Original languageUndefined
Title of host publicationProceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems
EditorsP. Heidelberger
Place of PublicationNew York
PublisherAssociation for Computing Machinery (ACM)
Pages326-327
Number of pages2
ISBN (Print)1-58113-334-0
Publication statusPublished - 2001

Publication series

Name
PublisherACM

Keywords

  • VoIP traffic anomaly detection
  • METIS-201312
  • EWI-18029
  • variance estimation
  • SNMP-based load characterization
  • IR-72118

Cite this

Mandjes, M., Saniee, I., & Stolyar, A. (2001). Load characterization, overload prediction, and anomaly detection for voice over IP traffic. In P. Heidelberger (Ed.), Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems (pp. 326-327). New York: Association for Computing Machinery (ACM).
Mandjes, Michel ; Saniee, Iraj ; Stolyar, Alexander. / Load characterization, overload prediction, and anomaly detection for voice over IP traffic. Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. editor / P. Heidelberger. New York : Association for Computing Machinery (ACM), 2001. pp. 326-327
@inproceedings{565c545e2d0340c8a54d67bd2d816821,
title = "Load characterization, overload prediction, and anomaly detection for voice over IP traffic",
abstract = "We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.",
keywords = "VoIP traffic anomaly detection, METIS-201312, EWI-18029, variance estimation, SNMP-based load characterization, IR-72118",
author = "Michel Mandjes and Iraj Saniee and Alexander Stolyar",
year = "2001",
language = "Undefined",
isbn = "1-58113-334-0",
publisher = "Association for Computing Machinery (ACM)",
pages = "326--327",
editor = "P. Heidelberger",
booktitle = "Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems",
address = "United States",

}

Mandjes, M, Saniee, I & Stolyar, A 2001, Load characterization, overload prediction, and anomaly detection for voice over IP traffic. in P Heidelberger (ed.), Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. Association for Computing Machinery (ACM), New York, pp. 326-327.

Load characterization, overload prediction, and anomaly detection for voice over IP traffic. / Mandjes, Michel; Saniee, Iraj; Stolyar, Alexander.

Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. ed. / P. Heidelberger. New York : Association for Computing Machinery (ACM), 2001. p. 326-327.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - Load characterization, overload prediction, and anomaly detection for voice over IP traffic

AU - Mandjes, Michel

AU - Saniee, Iraj

AU - Stolyar, Alexander

PY - 2001

Y1 - 2001

N2 - We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.

AB - We consider the problem of traffic anomaly detection in IP networks. Traffic anomalies arise when there is overload due to failures in a network. We present general formulae for the variance of the cumulative traffic over a fixed time interval and show how the derived analytical expression simplifies for the case of voice over IP traffic, the focus of this paper. To detect load anomalies, we show it is sufficient to consider cumulative traffic over relatively long intervals such as 5 minutes. This approach substantially extends the current practice in IP network management where only the first order statistics and fixed thresholds are used to identify abnormal behavior.

KW - VoIP traffic anomaly detection

KW - METIS-201312

KW - EWI-18029

KW - variance estimation

KW - SNMP-based load characterization

KW - IR-72118

M3 - Conference contribution

SN - 1-58113-334-0

SP - 326

EP - 327

BT - Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems

A2 - Heidelberger, P.

PB - Association for Computing Machinery (ACM)

CY - New York

ER -

Mandjes M, Saniee I, Stolyar A. Load characterization, overload prediction, and anomaly detection for voice over IP traffic. In Heidelberger P, editor, Proceedings of the 2001 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems. New York: Association for Computing Machinery (ACM). 2001. p. 326-327