Summary
Managed networks have become increasingly large, complex, heterogeneous, and dynamic. With a tremendous number of network components changing at any moment, deciding which events and changes are possibly abnormal and need further investigation is extremely challenging. Logging daily activity through standard sources such as NetFlow, syslog, firewall logs, and IDS alerts is widely adopted practice, but system administrators and network managers must also be able to analyze that vast amount of log data in order to detect suspicious behaviors or patterns, whether caused by malicious users and applications or by faulty devices. Automated systems that generate warnings are available, but whether a given alarm is a true or a false positive, and more importantly what its underlying cause is, remain difficult to determine. To bridge the gap between network logging and anomaly analysis, we design and implement a visualization tool that combines multiple useful visualizations with algorithms such as graph link anomaly analysis. We study the effects of different visualization methods on detecting and analyzing anomalous network and system events and their causes, and show that these views, when combined and linked together, can provide an effective alternative for network management and anomaly analysis. Copyright © 2016 John Wiley & Sons, Ltd.
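The abstract names "graph link anomaly analysis" over NetFlow-style logs without describing it. The following is an added example written for this page, not the paper's tool or its algorithm: it shows one simple instance of the idea, treating each source-to-destination pair as a link in a host graph and scoring the current time window against that link's own history. The record format (`epoch,src,dst,dport,bytes`), the ten-minute window, the z-score threshold, the standard-deviation floor and the sample flows (constructed, with four planted anomalies: a byte-volume spike, a host fanning out to new destinations, a brand-new link, and a link that goes silent) are all assumptions made for the illustration.

```python
# Added example, not the paper's code: scoring host-to-host links built from
# NetFlow-style records. Format, window size and thresholds are assumptions.
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 600          # assumption: ten-minute windows
Z_THRESHOLD = 3.0     # assumption: flag deviations beyond three sigmas

# Constructed sample flows: "epoch_seconds,src,dst,dport,bytes".
# Windows 0..2 (t < 1800) are the baseline; window 3 (t >= 1800) is scored.
SAMPLE_FLOWS = """\
10,10.0.0.5,10.0.1.20,443,1200
20,10.0.0.7,10.0.1.21,80,700
30,10.0.0.8,10.0.1.22,53,90
40,10.0.0.6,10.0.2.5,514,300
610,10.0.0.5,10.0.1.20,443,1300
620,10.0.0.7,10.0.1.21,80,800
630,10.0.0.8,10.0.1.22,53,90
640,10.0.0.6,10.0.2.5,514,300
1210,10.0.0.5,10.0.1.20,443,1250
1220,10.0.0.7,10.0.1.21,80,900
1230,10.0.0.8,10.0.1.22,53,90
1240,10.0.0.6,10.0.2.5,514,300
1810,10.0.0.5,10.0.1.20,443,1200
1820,10.0.0.7,10.0.1.21,80,2000000
1830,10.0.0.8,10.0.1.22,53,90
1831,10.0.0.8,10.0.1.40,445,120
1832,10.0.0.8,10.0.1.41,445,120
1833,10.0.0.8,10.0.1.42,445,120
1834,10.0.0.8,10.0.1.43,445,120
1900,10.0.0.9,10.0.1.30,22,4000
"""


def parse_flows(text):
    """Parse the CSV-style lines into (window_index, src, dst, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, _dport, nbytes = line.split(",")
            flows.append((int(ts) // WINDOW, src, dst, int(nbytes)))
    return flows


def build_link_graph(flows):
    """Per window: bytes per (src, dst) link, and distinct destinations per src."""
    edge_bytes = defaultdict(lambda: defaultdict(int))   # window -> edge -> bytes
    fan_out = defaultdict(lambda: defaultdict(set))      # window -> src -> {dst}
    for win, src, dst, nbytes in flows:
        edge_bytes[win][(src, dst)] += nbytes
        fan_out[win][src].add(dst)
    return edge_bytes, fan_out


def zscore(baseline, current, floor):
    """z-score with a floor on sigma: a flat baseline (pstdev == 0, common with
    only a few windows) would otherwise divide by zero or flag any change."""
    sigma = max(pstdev(baseline), floor)
    return (current - mean(baseline)) / sigma


def link_anomalies(flows, current_window):
    """Return (kind, subject, score) findings for the given window."""
    edge_bytes, fan_out = build_link_graph(flows)
    base_wins = sorted(w for w in edge_bytes if w < current_window)
    cur_edges = edge_bytes.get(current_window, {})
    cur_fan = fan_out.get(current_window, {})
    base_edges = set()
    for w in base_wins:
        base_edges |= edge_bytes[w].keys()
    findings = []
    # 1. New links: a (src, dst) pair never seen during the baseline.
    for edge in sorted(cur_edges):
        if edge not in base_edges:
            findings.append(("new_link", edge, None))
    # 2. Volume: bytes on a known link deviate from that link's own history.
    for edge in sorted(cur_edges):
        if edge in base_edges:
            hist = [edge_bytes[w].get(edge, 0) for w in base_wins]
            z = zscore(hist, cur_edges[edge], floor=max(0.05 * mean(hist), 1.0))
            if z > Z_THRESHOLD:
                findings.append(("volume", edge, round(z, 1)))
    # 3. Fan-out: a known source contacting far more distinct hosts than usual.
    for src in sorted(cur_fan):
        hist = [len(fan_out[w].get(src, ())) for w in base_wins]
        if any(hist):  # sources with no baseline are already caught as new links
            z = zscore(hist, len(cur_fan[src]), floor=1.0)
            if z > Z_THRESHOLD:
                findings.append(("fan_out", src, round(z, 1)))
    # 4. Missing links: present in every baseline window, silent now. A dead
    #    log forwarder or failed device looks like this rather than like a spike.
    for edge in sorted(base_edges):
        if all(edge in edge_bytes[w] for w in base_wins) and edge not in cur_edges:
            findings.append(("missing_link", edge, None))
    return findings


if __name__ == "__main__":
    for finding in link_anomalies(parse_flows(SAMPLE_FLOWS), current_window=3):
        print(*finding)
```

Each finding is a link or node in the host graph rather than a raw log line, which is what makes it easy to hand to a linked graph view: the scored edge can be highlighted in the topology while the flows behind it stay available in a timeline or table view. The four checks deliberately produce correlated signals (the fan-out host also creates four new links), since a single alarm rarely explains itself and the overlap is part of what an analyst uses to judge true versus false positives.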