Computer Network Monitoring and Abnormal Event Detection Using Graph Matching and Multidimensional Scaling

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 4065)

Abstract

Computer network monitoring and abnormal event detection have become important areas of research. In previous work, it has been proposed to represent a computer network as a time series of graphs and to compute the difference, or distance, of consecutive graphs in such a time series. Whenever the distance of two graphs exceeds a given threshold, an abnormal event is reported. In the present paper we go one step further and compute graph distances between all pairs of graphs in a time series. Given these distances, a multidimensional scaling procedure is applied that maps each graph onto a point in the two-dimensional real plane, such that the distances between the graphs are reflected, as closely as possible, in the distances between the points in the two-dimensional plane. In this way the behaviour of a network can be visualised and abnormal events as well as states or clusters of states of the network can be graphically represented. We demonstrate the feasibility of the proposed method by means of synthetically generated graph sequences and data from real computer networks.
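The pipeline the abstract describes, as an added Python example that is not code from the paper: consecutive-graph thresholding next to an all-pairs distance matrix embedded in the plane. It assumes a simple edit distance for graphs with unique node labels and classical (Torgerson) MDS, since the abstract names neither; the snapshots, threshold and function names are constructed for illustration.

```python
import math

def make_graph(edges):
    """Snapshot as (nodes, edges); node labels (e.g. host addresses) are unique."""
    e = {frozenset(pair) for pair in edges}
    return {n for pair in e for n in pair}, e

def graph_distance(g1, g2):
    """Assumed measure: node and edge insertions/deletions turning g1 into g2."""
    return len(g1[0] ^ g2[0]) + len(g1[1] ^ g2[1])

def consecutive_alerts(graphs, threshold):
    """Earlier approach: flag t when d(G[t-1], G[t]) exceeds the threshold."""
    return [t for t in range(1, len(graphs))
            if graph_distance(graphs[t - 1], graphs[t]) > threshold]

def distance_matrix(graphs):
    return [[graph_distance(a, b) for b in graphs] for a in graphs]

def top_eigen(b, iters=500):
    """Dominant eigenpair of a symmetric matrix by power iteration."""
    n = len(b)
    v = [1.0 + i for i in range(n)]  # fixed start keeps the run deterministic
    for _ in range(iters):
        w = [sum(b[i][j] * v[j] for j in range(n)) for i in range(n)]
        norm = math.sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    lam = sum(v[i] * b[i][j] * v[j] for i in range(n) for j in range(n))
    return lam, v

def classical_mds(d, dims=2):
    """Classical MDS: double-centre the squared distances, keep the top axes."""
    n = len(d)
    sq = [[x * x for x in row] for row in d]
    mean = [sum(row) / n for row in sq]
    total = sum(mean) / n
    b = [[-0.5 * (sq[i][j] - mean[i] - mean[j] + total) for j in range(n)]
         for i in range(n)]
    points = [[] for _ in range(n)]
    for _ in range(dims):
        lam, v = top_eigen(b)
        for i in range(n):
            points[i].append(math.sqrt(max(lam, 0.0)) * v[i])
        # Deflate so the next pass finds the next axis.
        b = [[b[i][j] - lam * v[i] * v[j] for j in range(n)] for i in range(n)]
    return points

# Constructed sample: six who-talks-to-whom snapshots; snapshot 3 gains new peers.
BASE = [("a", "b"), ("a", "c"), ("b", "c"), ("c", "d")]
GRAPHS = [make_graph(e) for e in (
    BASE, BASE + [("b", "d")], BASE,
    BASE + [("d", x) for x in "efghi"], BASE, BASE[:2] + BASE[3:])]
POINTS = classical_mds(distance_matrix(GRAPHS))
```

On this sample the consecutive-distance check fires twice, once on the change and once on the return to normal, while in `POINTS` snapshot 4 lands back on the same point as snapshots 0 and 2 and only snapshot 3 sits apart.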




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bunke, H., Dickinson, P., Humm, A., Irniger, C., Kraetzl, M. (2006). Computer Network Monitoring and Abnormal Event Detection Using Graph Matching and Multidimensional Scaling. In: Perner, P. (eds) Advances in Data Mining. Applications in Medicine, Web Mining, Marketing, Image and Signal Mining. ICDM 2006. Lecture Notes in Computer Science, vol 4065. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11790853_45

  • DOI: https://doi.org/10.1007/11790853_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36036-0

  • Online ISBN: 978-3-540-36037-7

  • eBook Packages: Computer Science (R0)
