The effects of network attacks may result in abrupt changes in network traffic parameters. The speedy identification of these changes is critical for smooth network operation. This paper illustrates a sequential analysis technique for detecting these unknown abrupt changes in asymmetric network traffic. A novel sliding window based adaptive cumulative sum (CUSUM) algorithm is used to detect the cause of such variations in network traffic. The significance of the proposed algorithm is two-fold: (1) automatic adjustment of the change detection threshold while minimising the false alarm rate, and (2) timely detection of an end to the anomalous traffic. The validity of the proposed technique is investigated by experimentation on simulated data and on 18 months of real network traces collected from a class C darknet. Comparative analysis of the proposed technique with a traditional CUSUM method demonstrates its superior performance with high detection accuracy and low false alarm rate.
展开▼
