A compressed framework for monitoring and anomaly detection in cloud networks

Abstract

The frequent and increased number of attacks on large-scale cloud networks have necessitated a need for scalable network analyzing techniques for monitoring and anomaly/threat detection. This paper presents a lightweight Discrete Cosine Transform (DCT) based network analysis and measurement approach that can identify, visualize along with mid level categorization of attacks and anomalies in cloud traffic. We propose a network data traffic flow in terms of frames or images. With such an approach, a series of samples can represent a sequence of frames or video, thus, allows categorization/identification of various kinds of attacks. This enables various image processing techniques that can be applied to the network traffic to analyze interesting features of cloud platform traffic. We use two real world datasets and show that 2 dimensional DCT may be used to obtain reduction in storage of network traffic traces up to 98 percent in lossy compressed format. Similarly, 1 dimensional DCT provides efficient anomaly detection in the network revealing hidden anomalous trends. We also compare the efficacy of 1 dimensional Discrete Cosine Transform (DCT) based approach with classical 1 dimensional Fast Fourier Transform (FFT) based approach for anomaly detection.