A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks

Authors:
L. Lawrence Ho;Christopher J. Macey;Ronald Hiller
Affiliations:
-;-;-
Venue:
DSOM '99 Proceedings of the 10th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Active Technologies for Network and Service Management
Year:
1999

Citing 17
Cited 1

Fault detection in an Ethernet network using anomaly signature matching

SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Schemes for fault identification in communication networks

IEEE/ACM Transactions on Networking (TON)
Fault isolation and event correlation for integrated fault management

Proceedings of the fifth IFIP/IEEE international symposium on Integrated network management V : integrated management in a virtual world: integrated management in a virtual world
SNMP,SNMPV2,Snmpv3,and RMON 1 and 2

SNMP,SNMPV2,Snmpv3,and RMON 1 and 2
Troubleshooting Internetworks: Tools, Techniques, and Protocols

Troubleshooting Internetworks: Tools, Techniques, and Protocols
Managing IP Networks With Cisco Routers

Managing IP Networks With Cisco Routers
Cisco Router Configuration and Troubleshooting

Cisco Router Configuration and Troubleshooting
Telecommunications Network Management into the 21st Century: Techniques, Standards, Technologies, and Applications

Telecommunications Network Management into the 21st Century: Techniques, Standards, Technologies, and Applications
Intelligent Agents for Proactive Fault Detection

IEEE Internet Computing
An Approach to On-line Predictive Detection

MASCOTS '00 Proceedings of the 8th International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Proactive Network Fault Detection

INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
High speed and robust event correlation

IEEE Communications Magazine
RSVP and integrated services in the Internet: a tutorial

IEEE Communications Magazine
Beyond best effort: router architectures for the differentiated services of tomorrow's Internet

IEEE Communications Magazine
Adaptive and automated detection of service anomalies in transaction-oriented WANs: network analysis, algorithms, implementation, and deployment

IEEE Journal on Selected Areas in Communications
An architecture for monitoring, visualization, and control of gigabit networks

IEEE Network: The Magazine of Global Internetworking
A dynamic quality of service framework for video in broadband networks

IEEE Network: The Magazine of Global Internetworking

Distributed Management of High-Layer Protocols and Network Services through a Programmable Agent-Based Architecture

ICN '01 Proceedings of the First International Conference on Networking-Part 1

Quantified Score

Hi-index	0.00

Visualization

Abstract

Algorithms for anomaly detection in IP networks have been developed and a real-time distributed platform for anomaly detection has been implemented. These algorithms automatically and adaptively detect "soft" network faults (performance degradations) in IP networks. These algorithms are implemented as a reliable and fully distributed real-time software platform called NSAD (Network/Service Anomaly Detector). IP NSAD has the following novel features. First, it provides a flexible platform upon which preconstructed components can be mixed/matched and distributed (to different machines) to form a wide range of application specific and fully distributed anomaly detectors. Second, anomaly detection is performed on raw network observables (e.g., performance data such as MIB2 and RMON1/2 variables) and algebraic functions of the observables (objective functions), making NSAD an objective driven anomaly detection system of wide detection range and high detection sensitivity. Third, controlled testing demonstrates that NSAD is capable of detecting network anomalies reliably in IP networks.