Cited By
View all- Chandola VBanerjee AKumar V(2009)Anomaly detectionACM Computing Surveys (CSUR)10.1145/1541880.154188241:3(1-58)Online publication date: 30-Jul-2009
A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks
Abstract
Algorithms for anomaly detection in IP networks have been developed and a real-time distributed platform for anomaly detection has been implemented. These algorithms automatically and adaptively detect "soft" network faults (performance degradations) in IP networks. These algorithms are implemented as a reliable and fully distributed real-time software platform called NSAD (Network/Service Anomaly Detector). IP NSAD has the following novel features. First, it provides a flexible platform upon which preconstructed components can be mixed/matched and distributed (to different machines) to form a wide range of application specific and fully distributed anomaly detectors. Second, anomaly detection is performed on raw network observables (e.g., performance data such as MIB2 and RMON1/2 variables) and algebraic functions of the observables (objective functions), making NSAD an objective driven anomaly detection system of wide detection range and high detection sensitivity. Third, controlled testing demonstrates that NSAD is capable of detecting network anomalies reliably in IP networks.
References
[1]
Ho, L.L., Cavuto, D.J., Papavassiliou, S., Hasan, M.Z., Feather, F.E., Zawadzki, A.G., "Adaptive Network/Service Fault Detection in Transaction-Oriented Wide Area Networks," Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management (IM'99), Edt. M. Sloman, S. Mazumdar, and E. Lupu, (IEEE Press), to appear in May 1999.
[2]
Ho, L.L., Cavuto, D.J., Papavassiliou, S., Zawadzki, A.G., "Adaptive and Automated Detection of Network/Service Anomalies in Wide Area Networks," Journal of Network and Systems Management, to appear in 1999.
[3]
Thottan, M., Ji, C., "Fault Prediction at the Network Layer using Intelligent Agents," Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management (IM'99), Edt. M. Sloman, S. Mazumdar, and E. Lupu, (IEEE Press), to appear in May 1999.
[4]
Hood, C. and Ji, C., "Intelligent Processing Agents for Network Fault Detection", IEEE Internet Computing, Vol. 2, No. 2, March/April 1998.
[5]
Hellerstein, J.L., Zhang, F., Shahabuddin, P., "An Approach to Predictive Detection for Service Management," Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management (IM'99), Edt. M. Sloman, S. Mazumdar, and E. Lupu (IEEE Press), to appear in May 1999.
[6]
Huberman, B.A., Lukose, R.M., "Social Dilemmas and Internet Congestion," Science, Vol. 277, p. 535, July 1997.
[7]
Held, G., LAN Testing and Troubleshooting: Reliability Tuning Techniques, John Wiley & Sons, 1996.
[8]
Ballew, S.M., Managing IP Networks, O'Reilly & Associates, 1997.
[9]
Miller, M.A., Troubleshooting Internetworks, M&T Publishing, 1991.
[10]
Espinosa, R., Tripod, M., Tomic, S., Cisco Router Configuration & Troubleshooting, New Riders, 1998.
[11]
Kumar, V.P., Lakshman, T.V., Stiliadis, D., "Beyond Best-Effort: Gigabit Routers for Tomorrow's Internet," IEEE Communications Magazine, V36(5), p152, May 1998.
[12]
White, P.P., "RSVP and Integrated Services in the Internet: A Tutorial," IEEE Communications Magazine, V35(5), p100, 1997.
[13]
Reininger, D., "A Dynamic Quality of Service Framework for Video in Broadband Networks," IEEE Network, V12(6), p22, 1998.
[14]
Lazar, A.A., Wang, W., Deng, R., "Models and Algorithms for Network Fault Detection and Identification: A Review," ICC Singapore, Nov. 1992.
[15]
Parulkar, G., Schmidt, D., Kraemer, E., Turner, J., Kantawala, A., "An Architecture for Monitoring, Visualization, and Control of Gigabit Networks," IEEE Networks, p.34, Sept/Oct, 1997.
[16]
Katzela, I. Schwartz, M., "Schemes for Fault Identification in Communication Networks," IEEE/ACM Trans. Networking, Vol. 3(6), p.753, Dec, 1995.
[17]
Aidarous, S. (Edt.), Plevyak (Edt.), "Telecommunications Network Management: Technologies and Implementations," IEEE Series on Network Management, (IEEE Press, 1998).
[18]
Aidarous, S. (Edt.), Plevyak (Edt.), "Telecommunications Network Management into the 21st Century: Techniques, Standards, Technologies, and Applications," (IEEE Press, 1994).
[19]
Yemini, S., Kliger, S., Mozes, E., Yemini, Y., Ohsie, D., "High Speed and Robust Event Corrrelation," IEEE Communication Magazine, May 1996.
[20]
Wang, C., Schwartz, M., "Fault Diagnosis of Network Connectivity Problems by Probabilistic Reasoning," Network Management and Control Volume Two (Ed. Frisch, I.T., Malek, M., Panwar, S.S.), p.67, (Plenum Press 1994).
[21]
Dawes, N., Altoft, J., Pagurek, B., "Network Diagnosis by Reasoning in Uncertain Nested Evidence Spaces," IEEE Transactions on Communications, Vol. 43, p.466, 1995.
[22]
Cortes, C., Jackel, L.D., Chiang, W., "Limits on Learning Machine Accuracy Imposed by Data Quality," Proceedings of NIPS94 - Neural Information Processing Systems: Natural and Synthetic Pagination, p. 239, (MIT Press 1994).
[23]
Cox, R.M., "Detecting Lost Billing Records Using Kalman Filters," AT&T Labs Preprint (submitted), Oct. 1997.
[24]
Feather, F.E., Siewiorek, D., Maxion, R., "Fault Detection in an Ethernet Using Anomaly Signature Matching," ACM SIGCOMM'93, 23(4), 1993.
[25]
Maxion, R., Feather, F.E., "A Case Study of Ethernet Anomalies in a Distributed Computing Environment," IEEE Transactions on Reliability, 39(4), Oct 1990.
[26]
Hood, C., Ji, C., "Proactive Network Fault Detection," IEEE Trans. Reliability, Vol. 46, No. 3, p.333, 1997.
[27]
Hood, C., Ji, C., "Proactive Network Fault Detection," Proceeding IEEE INFOCOM, 1997.
[28]
Jakobson, G., Weissman, M.D., "Alarm Correlation," IEEE Network, p. 52, Nov 1993.
[29]
Katker, S., Paterok, M., "Fault Isolation and Event Correlation for Integrated Fault Management," Proceedings of the Fifth IFIP/IEEE International Symposium on Integrated Network Management, p. 583, 1997.
[30]
Hasan, M.Z., Sugla, B., Viswanathan, R., "A Conceptual Framework for Network Management Event Correlation and Filtering System," Proceedings of the Sixth IFIP/IEEE International Symposium on Integrated Network Management (IM'99), Edt. Edt. M. Sloman, S. Mazumdar, and E. Lupu, (IEEE Press), to appear in May 1999.
[31]
Stallings, W., "SNMP, SNMPv2, SNMPv3, and RMON 1 and 2," (Addison-Wesley, 1999).
[32]
Ho, L.L., Macey, C., Hiller, R., in preparation, 1999.
Index Terms
- A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks
Index terms have been assigned to the content through auto-classification.
Recommendations
Adaptive Anomaly Detection in Transaction-Oriented Networks
Adaptive algorithms for real-time and proactive detection of network/service anomalies, i.e., soft performance degradations, in transaction-oriented wide area networks (WANs) have been developed. These algorithms (i) adaptively sample and aggregate raw ...
Anomaly detection in IP networks
Network anomaly detection is a vibrant research area. Researchers have approached this problem using various techniques such as artificial intelligence, machine learning, and state machine modeling. In this paper, we first review these anomaly detection ...
Autoencoder with Adaptive Loss Function for Supervised Anomaly Detection
AbstractWhen anomaly detection is applied to a product inspection process, it is often the case that the system initially has no anomaly data, but acquires anomaly data during operation. In such cases, an unsupervised learning-based anomaly detection ...
Comments
Information & Contributors
Information
Published In
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 11 October 1999
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 26 Jul 2024
Other Metrics
Citations
Cited By
View all- Chandola VBanerjee AKumar V(2009)Anomaly detectionACM Computing Surveys (CSUR)10.1145/1541880.154188241:3(1-58)Online publication date: 30-Jul-2009
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in