%0 Journal Article %1 dalconzo-IJNM-2010 %A D'Alconzo, Alessandro %A Coluccia, Angelo %A Romirer-Maierhofer, Peter %D 2010 %J International Journal of Network Management %K 3g detection mobile networks theory %T Distribution-Based Anomaly Detection in 3G Mobile Networks: From Theory to Practice %X The design of Anomaly Detection (AD) methods for network traffic has been intensively investigated by the research community in the recent years. However, less attention has been devoted to the issues which eventually arise when deploying such tools in a real operational context. We designed a statistical based change-detection algorithm for identifying deviations in distribution timeseries. The proposed method has been applied to the analysis of large dataset from an operational 3G mobile network, in the perspective of the adoption of such a tool in production. Our algorithm is designed to cope with the marked non-stationarity and daily/weekly seasonality that characterize the traffic mix in a large public network. Several practical issues emerged during the study including the need to handle incompleteness of the collected data, the difficulty to drill down the cause of certain alarms, the need for human assistance in resetting the algorithm after a persistent change of the network configuration (e.g. a capacity upgrade). We report on our practical experience, highlighting the key lessons learned and the hands-on experience matured from such an analysis. Finally, we propose a novel methodology based on semi-synthetic traces for tuning and performance assessment of the proposed AD algorithm.

@article{dalconzo-IJNM-2010, abstract = {The design of Anomaly Detection (AD) methods for network traffic has been intensively investigated by the research community in the recent years. However, less attention has been devoted to the issues which eventually arise when deploying such tools in a real operational context. We designed a statistical based change-detection algorithm for identifying deviations in distribution timeseries. The proposed method has been applied to the analysis of large dataset from an operational 3G mobile network, in the perspective of the adoption of such a tool in production. Our algorithm is designed to cope with the marked non-stationarity and daily/weekly seasonality that characterize the traffic mix in a large public network. Several practical issues emerged during the study including the need to handle incompleteness of the collected data, the difficulty to drill down the cause of certain alarms, the need for human assistance in resetting the algorithm after a persistent change of the network configuration (e.g. a capacity upgrade). We report on our practical experience, highlighting the key lessons learned and the hands-on experience matured from such an analysis. Finally, we propose a novel methodology based on semi-synthetic traces for tuning and performance assessment of the proposed AD algorithm.}, added-at = {2010-06-03T12:11:28.000+0200}, author = {D'Alconzo, Alessandro and Coluccia, Angelo and Romirer-Maierhofer, Peter}, biburl = {https://www.bibsonomy.org/bibtex/2f91917aa7adbb1eef8e27d1cabf69c55/dalconzo}, interhash = {78a5c27d205845d793e213afaa008cd1}, intrahash = {f91917aa7adbb1eef8e27d1cabf69c55}, journal = {International Journal of Network Management}, key = {Anomaly detection, 3G mobile networks}, keywords = {3g detection mobile networks theory}, month = {August}, timestamp = {2010-06-03T12:11:28.000+0200}, title = {Distribution-Based Anomaly Detection in 3G Mobile Networks: From Theory to Practice}, year = 2010 }