In every computer network there are anomalies in traffic which indicate special events occurring somewhere in the network. Many statistical methods of anomaly detection based on large-volume flow data exist today. This paper however applies component analysis to several sampled traffic properties as a lightweight approach to anomaly detection. The results of the research prove that even sampled traffic properties can reveal anomalies with compatible level of certainty while being easy to provide compared to low-level flow data. As traffic sampling is used, the paper also considers boundaries of validity of proposed method.
展开▼
