Detecting anomalies in backbone network traffic: a performance comparison among several change detection methods

In the last years, the ever increasing number of network attacks has brought the research attention to the design and development of effective anomaly detection systems. To this aim, the main target is to develop efficient algorithms able to detect abrupt changes in the data, with the smallest detection delay. In this paper, we present a novel method for network anomaly detection, based on the idea of discovering heavy change (HC) in the distribution of the Heavy I-litters in the network traffic, by applying several forecasting algorithms. To assess the validity of the proposed method, we have performed an experimental evaluation phase, during which our system performance have been compared to more 'classical' approaches, such as a standard HC method and the promising CUSUM method. The performance analysis, presented in this paper, demonstrates the effectiveness of the proposed method, showing how it is able to outperform the 'classical' approaches.