| Presentation | 2023-11-22 Improving the accuracy of flow prediction and anomaly detection in GAMPAL, a general-purpose anomaly detection mechanism for Internet traffic Taku Wakui, Fumio Teraoka, Takao Kondo, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The authors propose a general-purpose anomaly detection mechanism using Prefix Aggregate without Labeled data (GAMPAL) for Internet traffic. GAMPAL aggregates flows based on BGP (Border Gateway Protocol), and detects anomalies by comparing the predicted traffic flow for each aggregated group with the observed traffic flow. The model of the existing method is trained with time-series data of past flows as input and future values as output. In order to improve the accuracy of prediction and detection, this paper uses the flow rate as input and time-based features such as month, hour, minute, and day of the week, which are generated from the recorded date and time of each value, as output. This method enables to learn various temporal characteristics, such as weekly and daily. The evaluation results show that RFR (Random Forest Regressor) is the most suitable for the proposed learning method among LSTM-RNN (Long Short-Term Memory Recurrent Neural Network), RFR, and SVM (Support Vector Machine). The difference between predicted and observed flow size is reduced by 80.8% from our previous method. Computation time is also reduced. Furthermore, when connection failure for YouTube was occurring, the observed values are continuously much lower than the predicted values. It shows this method can detects anomalies. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Network Traffic Analysis / Anomaly Detection / Internet Backbone / Machine Learning |
| Paper # | IA2023-41 |
| Date of Issue | 2023-11-15 (IA) |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2023/11/22(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Aomori Prefecture Tourist Center ASPM (Aomori) |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Student Sessions, etc. (cosponsored by Committee on Internet Technology) |
| Chair | Toyokazu Akiyama(Kyoto Sangyo Univ.) |
| Vice Chair | Yusuke Sakumoto(Kwansei Gakuin Univ.) / Toshiki Watanabe(NEC) / Yuichiro Hei(KDDI) |
| Secretary | Yusuke Sakumoto(Osaka Univ.) / Toshiki Watanabe(Kogakuin Univ.) / Yuichiro Hei(Kyushu Inst. of Tech.) |
| Assistant | Daisuke Kotani(Kyoto Univ.) / Ryo Nakamura(Fukuoka Univ.) / Ryo Nakamura(Univ. of Tokyo) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Improving the accuracy of flow prediction and anomaly detection in GAMPAL, a general-purpose anomaly detection mechanism for Internet traffic |
| Sub Title (in English) | |
| Keyword(1) | Network Traffic Analysis |
| Keyword(2) | Anomaly Detection |
| Keyword(3) | Internet Backbone |
| Keyword(4) | Machine Learning |
| 1st Author's Name | Taku Wakui |
| 1st Author's Affiliation | Graduate School of Keio University/Hitachi, Ltd.(Keio Univ./Hitachi) |
| 2nd Author's Name | Fumio Teraoka |
| 2nd Author's Affiliation | Keio University(Keio Univ.) |
| 3rd Author's Name | Takao Kondo |
| 3rd Author's Affiliation | Hokkaido University/Keio University(Hokkaido Univ./Keio Univ.) |
| Date | 2023-11-22 |
| Paper # | IA2023-41 |
| Volume (vol) | vol.123 |
| Number (no) | IA-277 |
| Page | pp.pp.33-40(IA), |
| #Pages | 8 |
| Date of Issue | 2023-11-15 (IA) |