Discovering anomalous patterns in network traffic data during Crisis Events

The world's interconnected data assets provide rapid options for individuals looking to communicate and retrieve information, which is especially critical in times of emergency. The ability for populations to get in touch with emergency responders, loved-ones, and retrieve or disseminate critical information about events as they unfold translates into better survivability in the face of crisis. Although telecommunication infrastructures are incapacitated and millions of people experienced hindered Internet access, mobile phone usage soars as people access wireless networks to communicate and seek information regarding an event such as a natural disaster. The demands for communication and information during crisis events distinctly differ from the typical data loads seen during normal operation in both traffic and content. Detecting the anomalies in network traffic data that occur during disruptive events such as earthquakes, hurricanes, and political uprisings can provide potential aid to first responders and be a potentially useful public surveillance tool. Utilizing historic data on network activity and content, a system for assessing the range, intensity, and category of a disruptive event is designed. Systems such as the one described in this manuscript, will detect changes in network traffic caused by disruptive events in real-time.