Parameterized anomaly detection system with automatic configuration

Authors:
Bruno B. Zarpelão;Leonardo S. Mendes;Mario L. Proença, Jr.;Joel J. P. C. Rodrigues
Affiliations:
University of Campinas, Campinas, Brazil;University of Campinas, Campinas, Brazil;State Univ. of Londrina, Londrina, Brazil;University of Beira Interior, Covilhã, Portugal
Venue:
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Year:
2009

Citing 11
Cited 1

SNMP,SNMPV2,Snmpv3,and RMON 1 and 2

SNMP,SNMPV2,Snmpv3,and RMON 1 and 2
Math Structures for Computer Science

Math Structures for Computer Science
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
IP forwarding anomalies and improving their detection using multiple data sources

Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Network anomography

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Traffic Anomaly Detection at Fine Time Scales with Bayes Nets

ICIMP '08 Proceedings of the 2008 The Third International Conference on Internet Monitoring and Protection
Network Anomaly Detection System: The State of Art of Network Behaviour Analysis

ICHIT '08 Proceedings of the 2008 International Conference on Convergence and Hybrid Information Technology
Detecting Network-Wide Traffic Anomalies Based on Spatial HMM

NPC '08 Proceedings of the 2008 IFIP International Conference on Network and Parallel Computing
Anomaly detection in IP networks

IEEE Transactions on Signal Processing
Network anomaly diagnosis via statistical analysis and evidential reasoning

IEEE Transactions on Network and Service Management
Anomaly detection methods in wired networks: a survey and taxonomy

Computer Communications

Inference of network anomaly propagation using spatio-temporal correlation

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work proposes a parameterized anomaly detection system, based on the method known as profile based. The analysis of network elements is performed in two levels: (i) analysis of Simple Network Management Protocol (SNMP) objects data using a hysteresis-based algorithm to detect behavior deviations; (ii) analysis of alerts generated in the first level using a dependency graph, which represents the relationships between the SNMP objects. The proposed system is also able to configure its own parameters automatically, aiming to meet the network administrator needs. Tests were performed in a real network environment and great results were obtained.