Traffic analysis projects
I looked into which projects are under way overseas.
D-Trigger: A General Framework for Efficient On-line Detection
- University: U.C. Berkeley
- Homepage: http://radlab.cs.berkeley.edu/wiki/Dtrigger
- Key paper: [Infocom 07] Communication-Efficient Online Detection of Network-Wide Anomalies
- Overview:
Today's large-scale distributed monitoring systems deploy monitor sensors throughout the network to monitor local network status and continuously generate a large set of widely distributed data streams. They periodically push all data to a Network Operation Center (NOC) for sophisticated analysis and anomaly detection. However, such a periodic pushing approach suffers from scalability limitations: when the detection time goes to a sub-second time scale, coupled with an order of magnitude (or more) increase in monitors, the volume of data collected could explode, and would overload the central processing site and saturate the network links of many production networks.
D-Trigger is a general framework for distributed monitoring systems which allows the graceful integration of varied optimization algorithms. D-Trigger is designed with a focus on data collection for anomaly detection, and brings together the best techniques from continuous data streaming, online machine learning and distributed signal processing. D-Trigger involves in-network processing at distributed local sites, and decision making at the NOC. The combination of distributed local processing strategies, sophisticated detection algorithms, and theoretical analysis tools enables D-Trigger to perform in-network tracking which achieves high detection accuracy with low communication overhead. In addition, D-Trigger is able to accommodate a broad set of machine learning algorithms for the detection of various unusual events, including botnet attacks, volume anomalies on ISP networks, power grid outages, etc.
Modular Strategies for Internetwork Monitoring
- Funded by NSF
- Main participating universities: umich, bu, wisconsin
- Homepage: http://www.eecs.umich.edu/~msim/index.html
- Key paper: [Sigcomm 04] Diagnosing Network-Wide Traffic Anomalies
- Overview:
Our project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites on the Internet. The basic scientific approach is illustrated by the block diagram in the figure shown below.
WAIL (Wisconsin Advanced Internet Laboratory)
- Main topic: Internet Anomaly & Intrusion Detection
- University: University of Wisconsin
- Homepage: http://wail.cs.wisc.edu/anomaly.html
- Key papers: [Sigcomm IMW 02] A Signal Analysis of Network Traffic Anomalies
[Sigcomm IMW 01] Characteristics of Network Traffic Flow Anomalies
- Overview:
Our project on network traffic anomalies concerns applying multiresolution analysis techniques to IP flow data. MRA via wavelet methods enables anomalies to be isolated in both frequency and time.