Abstract
Computer network monitoring and abnormal event detection have become important areas of research. In previous work, it has been proposed to represent a computer network as a time series of graphs and to compute the difference, or distance, of consecutive graphs in such a time series. Whenever the distance of two graphs exceeds a given threshold, an abnormal event is reported. In the present paper we go one step further and compute graph distances between all pairs of graphs in a time series. Given these distances, a multidimensional scaling procedure is applied that maps each graph onto a point in the two-dimensional real plane, such that the distances between the graphs are reflected, as closely as possible, in the distances between the points in the two-dimensional plane. In this way the behaviour of a network can be visualised and abnormal events as well as states or clusters of states of the network can be graphically represented. We demonstrate the feasibility of the proposed method by means of synthetically generated graph sequences and data from real computer networks.
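The pipeline the abstract describes (pairwise graph distances, then a two-dimensional embedding), as an added example that is not code from the paper. Assumptions: hosts carry unique labels and the graph distance counts nodes and edges present in only one of two snapshots; the embedding is classical (Torgerson) multidimensional scaling computed by shifted power iteration; the six-snapshot series and all function names are constructed for illustration.

```python
import math

def graph_distance(g1, g2):
    """Nodes plus edges present in exactly one of two uniquely-labelled graphs."""
    (v1, e1), (v2, e2) = g1, g2
    return len(v1 ^ v2) + len(e1 ^ e2)

def distance_matrix(graphs):
    return [[graph_distance(a, b) for b in graphs] for a in graphs]

def top_eigen(B, iters=1000):
    """Largest algebraic eigenpair of symmetric B via shifted power iteration."""
    n = len(B)
    c = max(sum(abs(x) for x in row) for row in B)  # Gershgorin shift: B + cI is PSD
    v = [math.sin(i + 1) for i in range(n)]         # fixed, generic start vector
    for _ in range(iters):
        w = [sum(B[i][j] * v[j] for j in range(n)) + c * v[i] for i in range(n)]
        norm = math.sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    lam = sum(v[i] * B[i][j] * v[j] for i in range(n) for j in range(n))
    return lam, v

def classical_mds_2d(D):
    """Double-centre the squared distances and keep the two leading axes."""
    n = len(D)
    sq = [[d * d for d in row] for row in D]
    rm = [sum(row) / n for row in sq]
    tot = sum(rm) / n
    B = [[-0.5 * (sq[i][j] - rm[i] - rm[j] + tot) for j in range(n)] for i in range(n)]
    coords = [[0.0, 0.0] for _ in range(n)]
    for k in range(2):
        lam, v = top_eigen(B)
        for i in range(n):
            coords[i][k] = math.sqrt(max(lam, 0.0)) * v[i]
        B = [[B[i][j] - lam * v[i] * v[j] for j in range(n)] for i in range(n)]  # deflate
    return [tuple(c) for c in coords]

def most_isolated(coords):
    """Index of the point with the largest mean distance to the other points."""
    mean = lambda i: sum(math.dist(coords[i], p) for p in coords) / (len(coords) - 1)
    return max(range(len(coords)), key=mean)

def E(*pairs):
    """Undirected edges, written as two-letter strings such as "ab"."""
    return {frozenset(p) for p in pairs}

# Constructed sample: six snapshots; in snapshot 4 a new host "x" talks to every host.
H, BASE = set("abcd"), E("ab", "ac", "ad")
SERIES = [(H, BASE), (H, BASE | E("bc")), (H, E("ab", "ac")), (H, BASE),
          (H | {"x"}, BASE | E("xa", "xb", "xc", "xd")), (H, BASE | E("bc"))]
```

Plotting the returned coordinates gives the picture the abstract refers to: the ordinary snapshots form a tight cluster, identical snapshots coincide, and snapshot 4 lies far from the rest.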
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bunke, H., Dickinson, P., Humm, A., Irniger, C., Kraetzl, M. (2006). Computer Network Monitoring and Abnormal Event Detection Using Graph Matching and Multidimensional Scaling. In: Perner, P. (eds) Advances in Data Mining. Applications in Medicine, Web Mining, Marketing, Image and Signal Mining. ICDM 2006. Lecture Notes in Computer Science, vol 4065. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11790853_45
DOI: https://doi.org/10.1007/11790853_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36036-0
Online ISBN: 978-3-540-36037-7
eBook Packages: Computer Science, Computer Science (R0)