Investigation of graph edit distance cost functions for detection of network anomalies

Kelly Marie Kapsabelis, Peter John Dickinson, Kutluyil Dogancay


Computer networks are becoming ubiquitous. Accurately monitoring and managing the behaviour of these complex and dynamic networks is a challenging task. It has become crucial to develop and employ good network monitoring techniques that assist in identifying and correcting abnormalities that affect network reliability, performance, security and future planning. There has been significant research in the detection of change and anomalous events in computer networks. A recent novel approach represents the logical communications of a periodically observed network as a time series of graphs and applies the graph matching technique, graph edit distance, to monitor and detect anomalous behaviour in the network. To date, only simple cost functions for graph edit operations have been used in application to computer network monitoring. This article investigates simple normalisation and non-linear techniques in the graph edit distance cost function, to improve detection of specific traffic related network anomalies in the computer network domain.

Full Text:

PDF BibTeX References


Remember, for most actions you have to record/upload into this online system
and then inform the editor/author via clicking on an email icon or Completion button.
ANZIAM Journal, ISSN 1446-8735, copyright Australian Mathematical Society.