Investigation of graph edit distance cost functions for detection of network anomalies


  • Kelly Marie Kapsabelis
  • Peter John Dickinson
  • Kutluyil Dogancay



Computer networks are becoming ubiquitous. Accurately monitoring and managing the behaviour of these complex and dynamic networks is a challenging task. It has become crucial to develop and employ good network monitoring techniques that assist in identifying and correcting abnormalities that affect network reliability, performance, security and future planning. There has been significant research in the detection of change and anomalous events in computer networks. A recent novel approach represents the logical communications of a periodically observed network as a time series of graphs and applies the graph matching technique, graph edit distance, to monitor and detect anomalous behaviour in the network. To date, only simple cost functions for graph edit operations have been used in application to computer network monitoring. This article investigates simple normalisation and non-linear techniques in the graph edit distance cost function, to improve detection of specific traffic related network anomalies in the computer network domain.





Proceedings Computational Techniques and Applications Conference