article

Free access

Fault detection in an Ethernet network using anomaly signature matching

Authors:

Frank Feather,

Dan Siewiorek,

Roy MaxionAuthors Info & Claims

ACM SIGCOMM Computer Communication Review, Volume 23, Issue 4

Pages 279 - 288

https://doi.org/10.1145/167954.166264

Published: 01 October 1993 Publication History

PDF eReader

Abstract

In an Ethernet network, a common type of failure is the temporary of extended loss of bandwidth, or soft failure as it is referred to in the literature. Though the causes of soft failures vary, to the network user such failures are perceived as noticeably degraded or anomalous performance.This work uses anomaly detection as a means to signal performance degradations that are indicative of network soft failures. Detection is done via a signature matching mechanism, call a fault feature vector, which will detect the occurrence of a fault by looking for anomaly conditions particular to the fault. In a two-year study of the Carnegie Mellon University Computer Science Network the fault feature vector mechanism proved effective in detecting faults and discriminating between faults types. This mechanism was also effective at abstracting large amounts of network data to only those events which warranted operator attention; in this two-year study, over 32 million monitored data points were reduced to under a two hundred event matchings.

References

[1]

David R. Boggs, Jeffrey C. Mogul, and Christopher A Kent. Measured Capacity of an Ethernet: Myths and Reality. In $/GCOMM '88, Communications Architectures & Protocols. August, 1988.

Digital Library

Google Scholar

[2]

The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications (Version 1.0) Digital Equipment Corporation, Intel, and Xerox Corp., 1980.

Google Scholar

[3]

Frank E. Feather. Fault Detection in an Ethernet Network via Anomaly Detectors PhD thesis, Department of Electrical and Computer Engineering, Carnegie Mellon University, 1992.

Digital Library

Google Scholar

[4]

Jeffrey P. Hansen. The Use of Multi-Dimensional Parametric Behavior of a CSMA/CD Network for Network Diagnosis. PhD thesis, Department of Electrical and Computer Engineering, Carnegie Mellon University, 1992.

Digital Library

Google Scholar

[5]

Jean-Claude Laprie. Dependable Computing and Fault Tolerance: Concepts and Terminology~ in Twelfth International Conference on Fault Tolerant Computing Systems. 1985.

Google Scholar

[6]

John Leong. A Practical Guide to Ethernet. Tutorial, Local Network Technology. IEEE Computer Society Press, 1988.

Google Scholar

[7]

Roy Maxion. Unanticipated Behavior as a Cue for System-Level Diagnosis. In 8th International Pheonix Conference on Computers and Communications. IEEE, March, 1989.

Crossref

Google Scholar

[8]

Roy A. Maxion. Anomaly Detection for Diagnosis. In Twentieth International Symposium on Fault-Tolerant Computing. IEEE, March, 1990.

Google Scholar

[9]

R.A. Maxion and F.E. Feather. A Case Study of Ethernet Anomalies in a Distributed Computing Environment. IEEE Transactions on Reliability 39(4).433-443, 1990.

Crossref

Google Scholar

[10]

Donna Ritter and Marilyn Seale. A Multipurpose, Distributed LAN Traffic Monitoring Tool. IEEE Network 1(3), July, 1987

Google Scholar

[11]

Michael Soha. A Distributed Approach to LAN Monitoring Using Intelligent High Performance Monitors. IEEE Network 1(3), July, 1987.

Google Scholar

[12]

John A. Swats and Ronald M. Pickett. Evaluation of Diagnostic Systems. Academic Press, 1982.

Google Scholar

[13]

Andrew S. Tanenbaum. Computer Networks. Prentice-Hall, Englewood Cliffs, NJ, 1981.

Digital Library

Google Scholar

[14]

H.M. Wadsworth, K. S Stephens, and A. B. Godfrey. Modern Methods for Quality Control and Improvement. John Wiley & Sons, Inc., New York, 1986,

Google Scholar

Cited By

View all

Mendoza CMcGarry M(2023)Determining Most Likely Links (MLL) for Network Fault LocalizationIEEE Open Journal of the Communications Society10.1109/OJCOMS.2023.32446844(659-670)Online publication date: 2023
https://doi.org/10.1109/OJCOMS.2023.3244684
Mendoza CMcgarry M(2020)The Network Link Outlier Factor (NLOF) for Fault LocalizationIEEE Open Journal of the Communications Society10.1109/OJCOMS.2020.30256631(1539-1550)Online publication date: 2020
https://doi.org/10.1109/OJCOMS.2020.3025663
Jeske DStevens NWilson JTartakovsky A(2018)Statistical Network SurveillanceWiley StatsRef: Statistics Reference Online10.1002/9781118445112.stat08055(1-12)Online publication date: 14-Aug-2018
https://doi.org/10.1002/9781118445112.stat08055
Show More Cited By

Index Terms

Fault detection in an Ethernet network using anomaly signature matching

Recommendations

Fault detection in an Ethernet network using anomaly signature matching
SIGCOMM '93: Conference proceedings on Communications architectures, protocols and applications

In an Ethernet network, a common type of failure is the temporary of extended loss of bandwidth, or soft failure as it is referred to in the literature. Though the causes of soft failures vary, to the network user such failures are perceived as ...
Fault detection in an Ethernet network via anomaly detectors
Anomaly Detection in Embedded Systems
Special issue on fault-tolerant embedded systems

By employing fault tolerance, embedded systems can withstand both intentional and unintentional faults. Many fault-tolerance mechanisms are invoked only after a fault has been detected by whatever fault-detection mechanism is used, hence, the process of ...

Comments

Information & Contributors

Information

Published In

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 1993

Published in SIGCOMM-CCR Volume 23, Issue 4

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

80
Total Citations
View Citations
1,586
Total Downloads

Downloads (Last 12 months)119
Downloads (Last 6 weeks)14

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mendoza CMcGarry M(2023)Determining Most Likely Links (MLL) for Network Fault LocalizationIEEE Open Journal of the Communications Society10.1109/OJCOMS.2023.32446844(659-670)Online publication date: 2023
https://doi.org/10.1109/OJCOMS.2023.3244684
Mendoza CMcgarry M(2020)The Network Link Outlier Factor (NLOF) for Fault LocalizationIEEE Open Journal of the Communications Society10.1109/OJCOMS.2020.30256631(1539-1550)Online publication date: 2020
https://doi.org/10.1109/OJCOMS.2020.3025663
Jeske DStevens NWilson JTartakovsky A(2018)Statistical Network SurveillanceWiley StatsRef: Statistics Reference Online10.1002/9781118445112.stat08055(1-12)Online publication date: 14-Aug-2018
https://doi.org/10.1002/9781118445112.stat08055
Ashok APoornachandran PPal SSankar PSurendran K(2017)Why so abnormal? Detecting domains receiving anomalous surge traffic in a monitored networkJournal of Intelligent & Fuzzy Systems10.3233/JIFS-16923332:4(2901-2907)Online publication date: 29-Mar-2017
https://doi.org/10.3233/JIFS-169233
Fu YJeske D(2014)SPC methods for nonstationary correlated count data with application to network surveillanceApplied Stochastic Models in Business and Industry10.1002/asmb.203830:6(708-722)Online publication date: 15-May-2014
https://doi.org/10.1002/asmb.2038
Kučera AGlos PPitner T(2013)Fault Detection in Building management system networksIFAC Proceedings Volumes10.3182/20130925-3-CZ-3023.0002746:28(416-421)Online publication date: 2013
https://doi.org/10.3182/20130925-3-CZ-3023.00027
Abed HAl‐Fuqaha AKhan BRayes A(2013)Efficient failure prediction in autonomic networks based on trend and frequency analysis of anomalous patternsInternational Journal of Network Management10.1002/nem.182523:3(186-213)Online publication date: 30-May-2013
https://doi.org/10.1002/nem.1825
Haldar NAbulaish MPasha S(2012)A Statistical Pattern Mining Approach for Identifying Wireless Network IntrudersAdvances in Computing and Information Technology10.1007/978-3-642-31513-8_14(131-140)Online publication date: 2012
https://doi.org/10.1007/978-3-642-31513-8_14
He Tao Zhong Hao (2010)Periodic sequence in netflow recognizing algorithm2010 IEEE International Conference on Wireless Communications, Networking and Information Security10.1109/WCINS.2010.5541844(573-576)Online publication date: Jun-2010
https://doi.org/10.1109/WCINS.2010.5541844
Hashim FJamalipour A(2009)Forecasting-based sampling decision for accurate and scalable anomaly detectionProceedings of the 28th IEEE conference on Global telecommunications10.5555/1811380.1811494(691-696)Online publication date: 30-Nov-2009
https://dl.acm.org/doi/10.5555/1811380.1811494
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations