NETWORK ANOMALY DETECTION
In this project we try to find anomalies in a time series network traffic using two techniques. We first model the network traffic as an undirected weighted graph. Using personalized page rank we rank each IP for each day of the Network data. We try to find if the page rank of any node changed significantly across days. A significant increase or decrease in the rank may mean that the node started sending too many packets or started receiving too many packets from other servers. We model the rank of each IP in a time series and use Mean Shift model to estimate the change point. If we detect a change point we flag it as anomaly. We try the algorithm on challenge network dataset. We further try the analysis on Darpa Test Dataset and measure the prediction and recall value over the labeled dataset. Finally we run the algorithm on sipscan real-time dataset and try to find IP√Ę‚?¨‚?Ęs with anomalous behaviors. Another approach used is based on detecting changes in Isomorphic graph sub-components to detect presence of anomalies on a given time period by considering multiple time periods√Ę‚?¨‚?Ę data points.