For purposes such as end-to-end monitoring, capacity planning, and performance bottleneck troubleshooting across multi-domain networks, there is an increasing trend to deploy interoperable measurement frameworks such as perfSONAR. These deployments expose vast data archives of current and historic measurements, which can be queried using web services. Analyzing these measurements with effective schemes to detect and diagnose anomaly events is vital, since it allows for verifying whether network behavior meets expectations. In addition, it allows for proactive notification of bottlenecks that may be affecting a large number of users. In this paper, we describe our novel topology-aware scheme that can be integrated into perfSONAR deployments for detection and diagnosis of network-wide correlated anomaly events. Our scheme performs spatial and temporal analyses on combined topology information and uncorrelated anomaly event information to detect correlated anomaly events. Subsequently, a set of "filters" is applied to the detected events to prioritize them based on potential severity, and to drill down into each event's "nature" (e.g., event burstiness) and "root-location(s)" (e.g., edge or core location affinity). To validate our scheme, we use traceroute information and one-way delay measurements collected over 3 months between the various U.S. Department of Energy national lab network locations, published via perfSONAR web services. Further, using real-world case studies, we show how our scheme can provide helpful insights for detection, visualization, and diagnosis of correlated network anomaly events, and can ultimately save time, effort, and costs spent on network management.