Abstract
Algorithms for anomaly detection in IP networks have been developed and a real-time distributed platform for anomaly detection has been implemented. These algorithms automatically and adaptively detect “soft” network faults (performance degradations) in IP networks. These algorithms are implemented as a reliable and fully distributed real-time software platform called NSAD (Network/Service Anomaly Detector). IP NSAD has the following novel features. First, it provides a flexible platform upon which pre-constructed components can be mixed/matched and distributed (to different machines) to form a wide range of application-specific and fully distributed anomaly detectors. Second, anomaly detection is performed on raw network observables (e.g., performance data such as MIB2 and RMON1/2 variables) and algebraic functions of the observables (objective functions), making NSAD an objective-driven anomaly detection system of wide detection range and high detection sensitivity. Third, controlled testing demonstrates that NSAD is capable of detecting network anomalies reliably in IP networks.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ho, L.L., Macey, C.J., Hiller, R. (1999). A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks. In: Stadler, R., Stiller, B. (eds) Active Technologies for Network and Service Management. DSOM 1999. Lecture Notes in Computer Science, vol 1700. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48100-1_3
DOI: https://doi.org/10.1007/3-540-48100-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66598-4
Online ISBN: 978-3-540-48100-3
eBook Packages: Springer Book Archive