@misc{oai:ir.soken.ac.jp:00002686, author = {FONTUGNE, Romain Thibault and フォンテュニュ, ロマン ティボ and FONTUGNE, Romain Thibault}, month = {2016-02-17, 2016-02-17}, note = {Network traffic anomalies account for a large fraction of the Internet traffic and compromise the performance of the network resources. Detecting and diagnosing these threats is a laborious and time-consuming task that network operators face daily. During the last decade researchers have concentrated their efforts on this problem and proposed several tools to automate this task. Thereby, recent advances in anomaly detection have made it possible to detect new or unknown anomalies by taking advantage of statistical analysis of the traffic. In spite of the advantages of these detection methods, researchers have reported several common drawbacks discrediting their use in practice. Indeed, the challenge of understanding the relation between the theory underlying these methods and the actual Internet traffic raises several issues. For example, the difficulty of selecting the optimal parameter set for these methods limits their performance and prevents network operators from using them. Moreover, due to the lack of ground truth data, approximate evaluations of these detection methods make it impossible to provide accurate feedback on them and to increase their reliability. We address these issues, first, by proposing a pattern-recognition-based detection method that overcomes the common drawbacks of anomaly detectors based on statistical analysis, and second, by providing both a benchmark tool that compares the results from diverse detectors and ground truth data obtained by combining several anomaly detectors.    The proposed pattern-recognition-based detector takes advantage of image processing techniques to provide intuitive outputs and an intuitive parameter set. An adaptive mechanism that automatically tunes its parameter set according to traffic fluctuations is also proposed. 
The resulting adaptive anomaly detector is easily usable in practice, achieves a high detection rate, and provides an intuitive description of the anomalies that allows their root causes to be identified.    A benchmark methodology is also developed in order to compare several detectors based on different theoretical backgrounds. This methodology allows researchers to accurately identify the differences between the results of diverse detectors. We employ this methodology along with an unsupervised combination strategy to combine the output of four anomaly detectors. Thereby, the combination strategy increases the overall reliability of the combined detectors and it detects two times more anomalies than the best detector. We provide the results of this combination of detectors in the form of ground truth data containing various anomalies during 10 years of traffic., application/pdf, 総研大甲第1456号}, title = {Increasing Reliability in Network Traffic Anomaly Detection}, year = {} }