Combining routing and traffic data for detection of IP forwarding anomalies

  • Authors:
  • Matthew Roughan;Tim Griffin;Morley Mao;Albert Greenberg;Brian Freeman

  • Affiliations:
  • University of Adelaide;Intel Research Cambridge;University of Michigan;AT&T Research;AT&T Labs

  • Venue:
  • Proceedings of the joint international conference on Measurement and modeling of computer systems
  • Year:
  • 2004

Quantified Score

Hi-index 0.00

Visualization

Abstract

IP forwarding anomalies, triggered by equipment failures, implementation bugs, or configuration errors, can significantly disrupt and degrade network service. Robust and reliable detection of such anomalies is essential to rapid problem diagnosis, problem mitigation, and repair. We propose a simple, robust method that integrates routing and traffic data streams to reliably detect forwarding anomalies. The overall method is scalable, automated and self-training. We find this technique effectively identifies forwarding anomalies, while avoiding the high false alarms rate that would otherwise result if either stream were used unilaterally.