A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks
DSOM '99 Proceedings of the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Active Technologies for Network and Service Management
Architecture of Generalized Network Service Anomaly and Fault Thresholds
MMNS '01 Proceedings of the 4th IFIP/IEEE International Conference on Management of Multimedia Networks and Services: Management of Multimedia on the Internet
A Queueing-Based Approach to Overload Detection
NET-COOP '09 Proceedings of the 3rd Euro-NF Conference on Network Control and Optimization
M/G/∞ transience, and its applications to overload detection
Performance Evaluation
ISNN'06 Proceedings of the Third international conference on Advances in Neural Networks - Volume Part III
Survey on dependable IP over fiber networks
Dependable Systems
Changepoint detection techniques for VoIP traffic
DataTraffic Monitoring and Analysis
Hi-index | 0.07 |
Algorithms and software for proactive and adaptive detection of network/service anomalies (i.e., performance degradations) have been developed, implemented, deployed, and field-tested for transaction-oriented wide area networks (WANs). A real-time anomaly detection system called TRISTAN (transaction instantaneous anomaly notification) has been implemented, and is deployed in the commercially important AT&T transaction access services (TAS) network. TAS is a high volume, multiple service classes, hybrid telecom and data WAN that services transaction traffic in the U.S. and neighboring countries. TRISTAN adaptively and preactively detects network/service performance anomalies in multiple-service-class-based and transaction-oriented networks, where performances of service classes are mutually dependent and correlated, where environmental factors (e.g., nonmanaged or nonmonitored equipment within customer premises) can strongly impact network and service performances. Specifically, TRISTAN implements algorithms that: 1) sample and convert raw transaction records to service-class based performance data in which potential network anomalies are highlighted; 2) automatically construct adaptive and service-class-based performance thresholds from historical transaction records for detecting network and service anomalies; and 3) perform real-time network/service anomaly detection. TRISTAN is demonstrated to be capable of proactively detecting network/service anomalies, which easily elude detection by the traditional alarm-based network monitoring systems