Network Traffic Anomaly Detection and Characterization

Network systems need to be able to detect malicious activity and characterize it so that proper actions may be taken. This need is clearly demonstrated by the observed growth rate of informational and economic damage caused by intentionally or unintentionally induced attacks, faults, defects, etc. Network traffic characterization needs to take place accurately and quickly, in real time, to facilitate prompt and appropriate action. Computational and storage resource limits require ingenuity to effectively characterize constantly varying network traffic trends. This paper aims to study network traffic characterization by applying forecasting algorithms to network traffic data and attempting to characterize the aberrations. A series of network traffic anomalies is studied and explained; these explanations are then linked with the specific anomaly's unique characteristics to expose a set of conditions that distinguish the particular event. This characterization would provide a basis for appropriate responses to network activity.