A non-instrusive, wavelet-based approach to detecting network performance problems
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Profiling internet backbone traffic: behavior models and applications
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Proceedings of the 2nd International Conference on Application and Theory of Automation in Command and Control Systems
| Hi-index | 0.00 |
Internet Service Providers(ISPs) should detect and control abnormal traffic fast for stable network management. One of the ways to detect traffic anomalies fast is shortening traffic collecting cycle. However, performance degradation is inevitable if a centralized traffic collection server gathers all traffic data from equipments in a large ISP. This paper presents an enhanced traffic collection algorithm that can gather traffic data frequently without degrading the performance by analyzing SNMP MID objects' correlation. The algorithm estimates the values of interface group objects by using ip group objects, thus, it reduces the number of collections. We evaluated this algorithm on KORNET backbone network. The performance degradation was not found on the experiment, and the accuracy of the algorithm was fairly good.