As networks grow larger and more complex, the relationships and dependencies between network elements grow in number and complexity as well. If an e-mail server goes off-line for ten minutes and never goes off-line again, that may not be a serious problem and can be forgotten. But if the e-mail server repeatedly goes off-line, the cause must be found. The difficulty for network operators is discovering what causes the problem; we address this issue and formalize a method that makes event logs more useful to network operators. In this paper we describe how network events can be correlated across multiple network layers, and how the temporal and spatial aspects of the event data can be used to correlate network events more accurately than using the event descriptions alone. Our results show that by statistically analyzing Syslog data, a relationship graph showing the relationships between network elements can be generated automatically. We then discuss how such a relationship graph, combined with event correlation, can help operators discover the root cause of problems more accurately and identify hidden relationships and dependencies within their networks.
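The following added example is not the paper's code; it illustrates the kind of statistical Syslog analysis the abstract describes. It groups events from several hosts into fixed time windows, counts how often pairs of hosts emit events in the same window, and keeps a pair as an edge in a relationship graph when the pair's support and lift (the same statistics used in association-rule mining) exceed thresholds. For each edge it also counts how often one host's event precedes the other's, which is the temporal hint an operator would use when looking for a root cause. The log lines, host names, window size, thresholds and the assumed year are all constructed for the example.

```python
"""Derive a host relationship graph from temporal co-occurrence in Syslog.

Added example, not taken from the paper. Events that repeatedly occur close in
time on different devices are treated as evidence of a relationship; support
and lift decide which host pairs become edges, and event ordering within a
window records which host tends to fire first.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed sample log lines (not real data). BSD syslog timestamps carry no
# year, so the parser assumes one (2024 here).
SAMPLE_SYSLOG = """\
Jan 12 10:00:01 core-sw1 LINK-3-UPDOWN: Interface Gi1/1, changed state to down
Jan 12 10:00:03 mail-srv kernel: eth0: link is not ready
Jan 12 10:00:04 mail-srv postfix/smtpd: connection timed out
Jan 12 10:05:10 web-srv nginx: worker process exited on signal 9
Jan 12 11:30:02 core-sw1 LINK-3-UPDOWN: Interface Gi1/1, changed state to down
Jan 12 11:30:05 mail-srv kernel: eth0: link is not ready
Jan 12 13:15:00 core-sw1 LINK-3-UPDOWN: Interface Gi1/1, changed state to down
Jan 12 13:15:02 mail-srv postfix/smtpd: connection timed out
Jan 12 14:00:00 web-srv nginx: worker process exited on signal 9
Jan 12 15:45:30 core-sw1 LINK-3-UPDOWN: Interface Gi1/1, changed state to down
Jan 12 15:45:33 mail-srv kernel: eth0: link is not ready
Jan 12 16:20:00 web-srv sshd: Accepted publickey for ops from 10.0.0.5
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")
EPOCH = datetime(1970, 1, 1)


def parse_syslog(text: str, year: int = 2024) -> list[tuple[datetime, str, str]]:
    """Return (timestamp, host, message) tuples; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3)))
    return events


def bucket_events(events, window_s: int = 60) -> list[dict[str, datetime]]:
    """Group events into fixed windows; per window keep each host's earliest event time."""
    buckets: dict[int, dict[str, datetime]] = defaultdict(dict)
    for ts, host, _ in events:
        key = int((ts - EPOCH).total_seconds()) // window_s
        if host not in buckets[key] or ts < buckets[key][host]:
            buckets[key][host] = ts
    return list(buckets.values())


def relationship_graph(events, window_s: int = 60, min_support: int = 2,
                       min_lift: float = 1.5) -> dict[tuple[str, str], dict]:
    """Edges between hosts whose events co-occur more often than chance would predict.

    support = number of windows containing both hosts
    lift    = P(both) / (P(a) * P(b)) over all windows; > 1 means positive association
    a_first = windows in which host a's earliest event precedes host b's
    """
    buckets = bucket_events(events, window_s)
    n = len(buckets)
    single: dict[str, int] = defaultdict(int)
    pair: dict[tuple[str, str], int] = defaultdict(int)
    first: dict[tuple[str, str], int] = defaultdict(int)
    for hosts in buckets:
        for h in hosts:
            single[h] += 1
        for a, b in combinations(sorted(hosts), 2):
            pair[(a, b)] += 1
            if hosts[a] < hosts[b]:
                first[(a, b)] += 1
    edges = {}
    for (a, b), c in pair.items():
        lift = (c / n) / ((single[a] / n) * (single[b] / n))
        if c >= min_support and lift >= min_lift:
            edges[(a, b)] = {"support": c, "lift": round(lift, 2),
                             "a_first": first[(a, b)]}
    return edges


if __name__ == "__main__":
    for (a, b), stats in relationship_graph(parse_syslog(SAMPLE_SYSLOG)).items():
        print(f"{a} -- {b}: {stats}")
```

On the constructed input the switch and the mail server share four of seven windows and are linked with lift 1.75, while the web server's unrelated events never form an edge; `a_first` shows the switch's link event precedes the mail server's symptoms in every shared window, which is the kind of evidence that points an operator toward the upstream cause. In practice the window size and thresholds need tuning to the site's event rate, and scheduled jobs that fire at the same minute on many hosts should be filtered before correlation, since they produce strong but meaningless associations.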