Network operators are routinely confronted with a wide range of anomalies, ranging from abuse-related events (DoS attacks, worms, scans) to maintenance issues (outages, misconfigurations, etc.) to unusual customer behavior (flash crowds, shifts in customer demands, etc.). To mitigate their effect, operators need to mine network-wide data for anomalies as they occur, and once detected, classify them in order to select the appropriate response.
In this talk, we will present techniques to detect and classify anomalies in network-wide flow traffic data. We will then apply our methods to data collected from two backbone networks, and show that they can: 1) detect a broad set of anomalies, at a low false alarm rate, and 2) automatically classify anomalies into meaningful categories.
About the Presenter
Anukool Lakhina is a Ph.D. candidate at Boston University, where he is
advised by Prof. Mark Crovella. Anukool spent four months at Sprint
Labs, where he worked on problems faced by network operators.
His Ph.D. dissertation was inspired by these problems, and develops
methods for analyzing network-wide traffic in order to detect unusual
network events, such as attacks, scans, shifts in traffic, outages,
etc. Anukool intends to graduate in fall 2005.
PPT presentation
RealMedia stream