Sparse Control and Data plane Telemetry features for BGP anomaly detection
Abstract:
Nowadays, the paradigm of detection of anomalous behavior in data networks is changing with the availability of data of high dimension and resolution, i.e. telemetry data. However, using such data requires careful analysis to decide which features are actually important for operators. In this paper we propose Sparse-RFE, a learning-based process that constructs a very small subset of telemetry features suitable for detection tasks. We apply Sparse-RFE on monitoring data of a BGP data center network described by a large amount of YANG instances. Our results show that collecting such a subset of features from 1/3 of the nodes in the network results in instantiating only about 5% of the original features. Detectors based on Sparse-RFE features achieve high detection performance comparable to detectors that need all data from every node.
Publication year:
2019
Keywords:
- telemetry data
- feature selection
- Anomaly detection
- BGP network
- YANG features
Source:
Document type:
Conference Object
Status:
Restricted access
Knowledge areas:
- Computer network
- Computer science
Subject areas:
- Computer science
- Special computer methods
- Library science and computer documentation