Abstract:
Statistical information about traffic patterns helps a service provider to characterize its network resource usage and user behavior, infer future traffic demands, detect traffic and usage anomalies, and possibly provide insights to improve the performance of the network. However, the increasingly high volume and speed of data over modern networks make collecting these statistics difficult. Moreover, smarter network attacks require sophisticated detection methods that are able to fuse many network and hardware signals. Fortunately, Bayesian statistical methods are powerful tools that can infer such information under harsh network environments. In this thesis we apply two Bayesian methods to two specific network problems. First, we use the Bayesian multiple change models to detect DDoS attacks in SIP networks by fusing the observations coming from the network traffic and the networking hardware. We show that our method is superior to classic DDoS detection methods and that using hardware signals improves the detection rate. For this work, we developed a probabilistic SIP network simulator and a monitoring system, and published it as open-source software. In our second work, we estimated network statistics from a high-speed network where we can only observe a fraction of the network traffic. For this problem we develop a generic novel method called ThinNTF, based on non-negative tensor factorization. This method can work with different network sampling schemes. It recovers the original network statistics by detecting the periodic network traffic patterns from the sampled network data, and gives better estimates compared to the state of the art.