Skip to Main content Skip to Navigation
Conference papers

GAMPAL: Anomaly Detection for Internet Backbone Traffic by Flow Prediction with LSTM-RNN

Abstract : This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Path Aggregate without Labeled data). GAMPAL does not require labeled data to achieve a general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Routing Information Base), GAMPAL introduces path aggregates. The BGP RIB entries are classified into the path aggregates, each of which is identified with the first three AS numbers in the AS_PATH attribute. GAMPAL establishes a prediction model of traffic throughput based on past traffic throughput. It adopts the LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model focusing on periodicity in weekly scale of the Internet traffic pattern. The validity of GAMPAL is evaluated using the real traffic information and the BGP RIB exported from the WIDE backbone network (AS2500), a nation-wide backbone network for research and educational organizations in Japan. As a result, GAMPAL successfully detects traffic increases due to events and DDoS attacks targeted to a stub organization.
Complete list of metadata

https://hal.inria.fr/hal-03266474
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, June 21, 2021 - 5:32:28 PM
Last modification on : Friday, July 30, 2021 - 2:48:45 PM
Long-term archiving on: : Wednesday, September 22, 2021 - 7:04:27 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Taku Wakui, Takao Kondo, Fumio Teraoka. GAMPAL: Anomaly Detection for Internet Backbone Traffic by Flow Prediction with LSTM-RNN. 2nd International Conference on Machine Learning for Networking (MLN), Dec 2019, Paris, France. pp.196-211, ⟨10.1007/978-3-030-45778-5_13⟩. ⟨hal-03266474⟩

Share

Metrics

Les métriques sont temporairement indisponibles