A data mining system for distributed abnormal event detection in backbone networks

Detecting distributed abnormal events has become an increasingly significant task for efficient network management and operation. However, it is still challenging to uncover these distributed behaviors in backbone networks because of the voluminous amount of noisy, high-dimensional traffic data. In this paper, we present a novel system for detecting distributed abnormal events in backbone networks. The proposed system emphasizes on detecting distributed correlated abnormal events, which are caused by the same reason. In contrast, existing methods are not able to distinguish correlated abnormal events from the independent abnormal events. In our proposed system, a set of data mining techniques is used for modeling and detecting distributed correlated abnormal events by analyzing the traffic features. Specifically, traffic behavior representation is constructed to define and select traffic features for describing the traffic behaviors of interest, feature clustering is performed to group together similar transformations in each feature, behavioral data mining is employed to discover the most significant patterns in network interactions with respect to typical behavior, and behavior classification is used to expose the behaviors of interest. Experiment results using real traffic data present the effectiveness of our proposed methods for detecting distributed correlated abnormal events in the backbone network. © 2013 John Wiley & Sons, Ltd.