Adaptive Anomaly Detection in Transaction-Oriented Networks

  • Authors:
  • L. Lawrence Ho; David J. Cavuto; Symeon Papavassiliou; Anthony G. Zawadzki

  • Affiliations:
  • Bell Laboratories, Lucent Technologies, 101 Crawfords Corner Road, Holmdel, New Jersey 07733. lawrenceho@aya.yale.edu
  • Bell Laboratories, Lucent Technologies, 101 Crawfords Corner Road, Holmdel, New Jersey 07733. cavuto@bell-labs.com
  • New Jersey Institute of Technology, Electrical and Computer Engineering, University Heights, Newark, New Jersey 07102. symeon@megahertz.njit.edu
  • AT&T Labs, AT&T, 200 Laurel Ave. South, Middletown, New Jersey 07748. doose@att.com

  • Venue:
  • Journal of Network and Systems Management
  • Year:
  • 2001

Abstract

Adaptive algorithms for real-time and proactive detection of network/service anomalies, i.e., soft performance degradations, in transaction-oriented wide area networks (WANs) have been developed. These algorithms (i) adaptively sample and aggregate raw transaction records to compute service-class based traffic intensities, in which potential network anomalies are highlighted; (ii) construct dynamic and service-class based performance thresholds for detecting network and service anomalies; and (iii) perform service-class based and real-time network anomaly detection. These anomaly detection algorithms are implemented as a real-time software system called TRISTAN (Transaction Instantaneous Anomaly Notification), which is deployed in the AT&T Transaction Access Services (TAS) network. The TAS network is a commercially important, high-volume (millions of transactions per day) hybrid telecom and data WAN with multiple (tens of) service classes that services transaction traffic such as credit card transactions in the US and neighboring countries. TRISTAN is demonstrated to be capable of automatically and adaptively detecting network/service anomalies and correctly identifying the corresponding "guilty" service classes in TAS. TRISTAN can detect network/service faults that elude detection by the traditional alarm-based network monitoring systems.