Angle: monitoring network anomalies

The Angle Anomaly Detection project was created to monitor network traffic and to detect unknown anomalous events. Network health is monitored by capturing packets at multiple Internet locations and detecting new traffic trends and sudden changes.

Each packet's network address, along with all identifiable information, is hashed using a salt, and the payload is zeroed before the packet is written to disk. Hash salts are changed every 10-100 million packets. Each packet is geo-tagged with its country of origin and destination. Captured files are then processed to define behavior clusters. Cluster definitions are monitored across local/global data domains for changes, trends and events.
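A minimal sketch of the anonymization step described above, added here as an illustration and not taken from the Angle code base. HMAC-SHA256, the 32-byte random salt, the truncated pseudonym, the `Packet` record and the preserved payload length are assumptions; the page states only that addresses are hashed with a salt, payloads are zeroed, and salts change every 10-100 million packets.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

SALT_ROTATE_EVERY = 10_000_000  # page gives 10-100 million; low end assumed


@dataclass
class Packet:  # hypothetical minimal record, not Angle's capture format
    src: str
    dst: str
    payload: bytes


class Anonymizer:
    """Salted address hashing, payload zeroing and periodic salt rotation."""

    def __init__(self, rotate_every=SALT_ROTATE_EVERY, salt_source=os.urandom):
        self.rotate_every = rotate_every
        self.salt_source = salt_source
        self.seen = 0    # packets processed so far
        self.epoch = 0   # number of salt rotations so far
        self.salt = salt_source(32)

    def _pseudonym(self, addr: str) -> str:
        # Hash the packed address bytes so one address has one canonical input.
        raw = ipaddress.ip_address(addr).packed
        return hmac.new(self.salt, raw, hashlib.sha256).hexdigest()[:16]

    def process(self, pkt: Packet) -> Packet:
        if self.seen and self.seen % self.rotate_every == 0:
            self.salt = self.salt_source(32)  # old salt is dropped, not stored
            self.epoch += 1
        self.seen += 1
        zeroed = bytes(len(pkt.payload))  # assumption: length kept, content zeroed
        return Packet(self._pseudonym(pkt.src), self._pseudonym(pkt.dst), zeroed)


def demo():
    # Constructed sample traffic (documentation address ranges); the salt is
    # rotated every 2 packets so the effect is visible on three packets.
    anon = Anonymizer(rotate_every=2)
    pkts = [Packet("192.0.2.10", "198.51.100.7", b"GET / HTTP/1.1")] * 3
    return [anon.process(p) for p in pkts]


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Within one salt epoch the same address always maps to the same pseudonym, so flows can still be clustered; after a rotation the mapping changes and records from different epochs cannot be joined by address. Because IPv4 has only 2^32 addresses, anyone holding a salt can enumerate the space, so the pseudonyms are only as private as the salt.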

Sector P2P file repository software is used to store and access capture files on the Teraflow Testbed.

Network traffic anomaly Demo map interface

Provides a worldwide view of anomalous network activity as observed by numerous monitoring sites. Time series of feature data, along with clustering visualizations, are presented for selected time intervals and models.

Demo link.


The Angle project is hosted on the TeraFlow Testbed.

ANGLE| Contact Us | ©2008 National Center for Data Mining