Paper Title
Anomaly Extraction In The Network Using Association Rule Mining
Abstract
Anomaly extraction is an important problem essential to several applications, ranging from root-cause analysis to
attack mitigation and the testing of anomaly detectors. Anomaly extraction is preceded by an anomaly detection step, which detects
anomalous events and may identify a large set of possibly associated event flows. The goal of anomaly extraction is to find and
summarize the set of flows that are actually caused by the anomalous event. In this work, we use metadata provided by
several histogram-based detectors to identify suspicious flows and then apply association rule mining to find and summarize
the event flows. Using rich traffic data from a backbone network, we show that we can reduce the classification cost, in terms
of items (flows or rules) that need to be classified, by several orders of magnitude. Further, we show that our techniques
effectively isolate the event flows in all analyzed cases.
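As an added illustration of the association-rule step described above (example code, not the paper's own implementation): an Apriori-style frequent-itemset miner is run over a constructed set of flows that a histogram-based detector is assumed to have flagged, and the maximal frequent itemsets are returned as the rules that summarize the event flows. The flow fields, addresses and support threshold are constructed assumptions.

```python
from itertools import combinations

# Constructed sample (not data from the paper): flows a histogram-based
# detector is assumed to have flagged. Each flow is (srcIP, dstIP, dstPort, proto).
# Twenty sources hitting one web server form the event; three flows are noise.
SUSPICIOUS_FLOWS = [
    ("10.0.0.%d" % i, "192.0.2.10", 80, "tcp") for i in range(1, 21)
] + [
    ("10.0.1.5", "192.0.2.20", 53, "udp"),
    ("10.0.1.6", "192.0.2.21", 443, "tcp"),
    ("10.0.1.7", "192.0.2.22", 22, "tcp"),
]
FEATURES = ("srcIP", "dstIP", "dstPort", "proto")


def flow_items(flow):
    """Represent one flow as a transaction: a set of (feature, value) items."""
    return frozenset(zip(FEATURES, flow))


def mine_frequent_itemsets(flows, min_support):
    """Apriori-style level-wise search. Returns {itemset: support count} for
    every itemset that occurs in at least min_support of the flows."""
    transactions = [flow_items(f) for f in flows]
    counts = {}
    for t in transactions:                       # level 1: single items
        for item in t:
            counts[frozenset([item])] = counts.get(frozenset([item]), 0) + 1
    level = {s: c for s, c in counts.items() if c >= min_support}
    frequent = dict(level)
    k = 2
    while level:
        # candidate generation: join frequent (k-1)-itemsets into k-itemsets
        candidates = {a | b for a in level for b in level if len(a | b) == k}
        # prune: every (k-1)-subset of a candidate must itself be frequent
        candidates = {c for c in candidates
                      if all(frozenset(s) in level for s in combinations(c, k - 1))}
        level = {}
        for c in candidates:
            support = sum(1 for t in transactions if c <= t)
            if support >= min_support:
                level[c] = support
        frequent.update(level)
        k += 1
    return frequent


def summarize_anomaly(flows, min_support):
    """Keep only maximal frequent itemsets: these are the rules that summarize
    the event flows, so an analyst classifies a few rules instead of many flows."""
    frequent = mine_frequent_itemsets(flows, min_support)
    return {s: c for s, c in frequent.items()
            if not any(s < other for other in frequent)}
```

With a support threshold of 10, the twenty web-server flows collapse into the single rule {dstIP=192.0.2.10, dstPort=80, proto=tcp} with support 20, while the three noise flows produce no rule.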