Network Anomaly Diagnosis Analysis methodology March 23rd, 2006.

Presentation transcript:


List of anomalies
1. Route change
2. Network congestion (traffic burst and sustained load for a long time)
3. Outage
4. Host problems

Alternative-I
Use of the k-means clustering algorithm on parameters like
– history mean ± history sd
– trigger mean ± trigger sd
– time stamp
– trigger_buffer_length (time)
Assumption:
– RTT calculations show different behavior for route change, network congestion, outage [1][2]
[1] Polly Huang, Anja Feldmann, Walter Willinger, "A non-intrusive, wavelet-based approach to detecting network performance problems."
[2] Todd Hansen, Jose Otero, Tony McGregor, Hans-Werner Braun, "Active Measurement Data Analysis Techniques."

Alternative-I
We need to check whether our dataset shows such behavior. A complete manual inspection of the data will reveal this.

Alternative-II (route change)
Let the time of the alert be T. We define two thresholds, X and Y. We then have to find out whether there were one or more route changes in the time period from (T-X hours) to (T+Y). If there is a route change in this period, we say the event is because of it. Later we may check for other causes as well.

Alternative-II (network congestion)
In most cases we have data from node X to Y and vice versa. Say we have an alert for source X to destination Y at a given time T. We must check whether any alert exists in a similar time frame in the opposite direction, i.e., src Y to src X.
Argument: it can be a host problem.

Alternative-II (network congestion)
Solution:
a) If X is the monitoring node and Y is the monitored node, find which other nodes monitored by X share the maximum path with Y.
b) After getting these nodes, find out whether they experienced any alert during that period.
c) If other nodes are also experiencing alerts in a similar time frame, then most probably it is because of congestion.
Argument: what if the congestion is in the part of the path that is not shared by any other node?

Alternative-II (Outages)
This may be fairly simple. When an alert occurs, we have to find out from the raw data whether there is a significant gap between data points (e.g., 3 hrs) at that time. If that gap exists, it is an outage.

Alternative-II (Host problem)
With the current data set, the most we can do is say that if there is no other anomaly, then it is a host problem. In future work, when host-level monitoring tools are running on the monitoring/monitored nodes, we can say what kind of host problem it is.
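
The Alternative-II checks above combined into one rule-based classifier, as an added example that is not part of the original slides. The order of the checks, the window values (X = 2 h, Y = 1 h), the input shapes and all names are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

def near(t, alert_time, before, after):
    """True if t lies in the window (T - X) .. (T + Y) around the alert."""
    return alert_time - before <= t <= alert_time + after

def diagnose(alert, route_changes, alerts, samples, peers,
             before=timedelta(hours=2), after=timedelta(hours=1),
             gap=timedelta(hours=3)):
    """alert and each entry of route_changes/alerts: (src, dst, time).
    samples: {(src, dst): sorted raw measurement times}.
    peers: {(src, dst): destinations sharing most of the path} (assumed given).
    The reverse-direction check from the slides is left out of this sketch."""
    src, dst, t = alert
    # 1. Route change on this path inside the window
    if any((s, d) == (src, dst) and near(rt, t, before, after)
           for s, d, rt in route_changes):
        return "route change"
    # 2. Outage: a significant gap in the raw data overlapping the window
    times = samples.get((src, dst), [])
    for prev, nxt in zip(times, times[1:]):
        if nxt - prev >= gap and prev <= t + after and nxt >= t - before:
            return "outage"
    # 3. Congestion: a path-sharing node monitored by src also alerted
    shared = set(peers.get((src, dst), []))
    if any(s == src and d in shared and near(at, t, before, after)
           for s, d, at in alerts):
        return "network congestion"
    # 4. No other anomaly found: attribute the alert to the host
    return "host problem"

# Constructed sample data (hypothetical node names)
T0 = datetime(2006, 3, 23, 12, 0)
H = timedelta(hours=1)
ROUTE_CHANGES = [("X", "A", T0 - H)]
ALERTS = [("X", "A", T0), ("X", "B", T0), ("X", "C", T0 + H / 2),
          ("X", "D", T0), ("X", "E", T0)]
SAMPLES = {("X", "D"): [T0 - 5 * H, T0 - 4 * H, T0, T0 + H]}
PEERS = {("X", "B"): ["C"], ("X", "C"): ["B"], ("X", "E"): ["F"]}

def run_sample():
    """Diagnose every constructed alert, keyed by destination node."""
    return {a[1]: diagnose(a, ROUTE_CHANGES, ALERTS, SAMPLES, PEERS)
            for a in ALERTS}

if __name__ == "__main__":
    for node, cause in run_sample().items():
        print(node, "->", cause)
```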