Anomaly detection in edge networks
| atmire.migration.oldid | 201 | |
| dc.contributor.advisor | Williamson, Carey | |
| dc.contributor.advisor | Locasto, Michael | |
| dc.contributor.author | Iqbal, Faisal | |
| dc.date.accessioned | 2012-08-01T20:42:11Z | |
| dc.date.available | 2012-11-13T08:01:21Z | |
| dc.date.issued | 2012-08-01 | |
| dc.date.submitted | 2012 | en |
| dc.description.abstract | Anomalies are unusual and unexpected events in the network that do not conform to the normal network activity. Accurate and agile anomaly identification is critical for reliable operation of the network. However, identifying complex anomalies within voluminous and diverse network traffic is a challenging task. This problem is further complicated when anomaly detection techniques designed for backbone networks are deployed in edge networks, producing low accuracy and many false alarms. This thesis reports the anomaly detection performance of three techniques in a large edge network. I enhance two backbone network techniques, BasisDetect and PCA, to work in edge networks. I also develop Gradient, a simple gradient-based multi-resolution anomaly detection technique, that performs efficiently in practice. The experiments are performed on a dataset spanning 23 months with periods of high and low network activity. The diverse sets of hosts in the network included servers, wireless devices, and residential users. I assess the detection performance using several metrics, including detection accuracy, robustness, and sensitivity to training sets and traffic volumes. I also analyze the impact of configuration parameters on the performance of anomaly detection techniques. My results show that both BasisDetect and Gradient generally perform with high accuracy in edge networks. BasisDetect lacks robustness over a long period of time but this deficiency can be addressed with periodic retraining. PCA, however, has low detection accuracy and generates many false alarms. | en_US |
| dc.identifier.citation | Iqbal, F. (2012). Anomaly detection in edge networks (Master's thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca. doi:10.11575/PRISM/24924 | en_US |
| dc.identifier.doi | http://dx.doi.org/10.11575/PRISM/24924 | |
| dc.identifier.uri | http://hdl.handle.net/11023/145 | |
| dc.language.iso | eng | |
| dc.publisher.faculty | Graduate Studies | |
| dc.publisher.institution | University of Calgary | en |
| dc.publisher.place | Calgary | en |
| dc.rights | University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. | |
| dc.subject | Computer Science | |
| dc.subject.classification | Networks | en_US |
| dc.subject.classification | anomaly detection | en_US |
| dc.subject.classification | PCA | en_US |
| dc.subject.classification | BasisDetect | en_US |
| dc.subject.classification | edge network | en_US |
| dc.subject.classification | Gradient | en_US |
| dc.title | Anomaly detection in edge networks | |
| dc.type | master thesis | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | University of Calgary | |
| thesis.degree.name | Master of Science (MSc) | |
| ucalgary.item.requestcopy | true |