Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Anomaly Diagnosis Analysis methodology March 23 rd, 2006.

Published byBasil Hicks Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Anomaly Diagnosis Analysis methodology March 23 rd, 2006."— Presentation transcript:

1 Network Anomaly Diagnosis Analysis methodology March 23 rd, 2006

2 List of anomalies 1.route change 2.network congestion traffic burst and sustained load for long time 3. outage 4.host problems

3 Alternative-I use of k-means clustering algorithm on parameters like –history mean+-history sd. –trigger mean+-trigger sd –time stamp –trigger_buffer_length (time) Assumption: –RTT calculations show different behavior for route change, network congestion, outage [1][2] [1] Polly Huang, Anja Feldmann, Walter Willinger “A non-intrusive, wavelet- based approach to detecting network performance problems” [2] Todd Hansen, Jose Otero, Tony McGregor, Hans-Werner Brau, “Active Measurement Data Analysis Techniques.”

4 Alternative-I We need to check our dataset shows such behavior. Complete manual inspection of data will reveal the fact.

5 Alternative-II (route change) Let the time of alert is T. We define two thresholds X and Y. Now we have to find out that in a time period (T-X hours ) to (T+Y) was there one or more route change(s) or not. If there is a route change, at this time we say the event is because this. Later we may check for other causes as well.

6 Alternative-II (network congestion) We have data from node X to Y and vice versa, in most of the cases. Say, we have an alert for source X to destination Y at given time T. We must check that does any alert exit in similar time frame in opposite direction i.e., src Y to src X. Argument: it can be a host problem

7 Alternative-II (network congestion) Solution: a) If X is the monitoring node and Y is the monitored node, then which other nodes monitored by X share maximum path with Y. b) after getting these nodes, to find out whether those nodes experienced any alert during that period or not. c) if other nodes are also experiencing alert in the similar time frame than most probably it is because of congestion. Argument: what about if the congestion is in that part which is not shared by any other node?

8 Alternative-II (Outages) This may be fairly simple. when an alert occurs, we will have to find out in raw data that do we have significant gap between data (e.g., 3 hrs) at that time or not. If that gap exists it is an outage.

9 Alternative-II (Host problem) With current data set, maximum we can do is to say if there is no other anomaly then it is a host problem. In future work when host level monitoring tools are running on monitoring/monitored nodes we can say what kind of host problem it is.

Download ppt "Network Anomaly Diagnosis Analysis methodology March 23 rd, 2006."

Similar presentations

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.
TCP Vegas: New Techniques for Congestion Detection and Control.

TCP Vegas: New Techniques for Congestion Detection and Control.
EE 4272Spring, 2003 Chapter 12 Congestion in Data Networks Effect of Congestion Control  Ideal Performance  Practical Performance Congestion Control.

EE 4272Spring, 2003 Chapter 12 Congestion in Data Networks Effect of Congestion Control  Ideal Performance  Practical Performance Congestion Control.
TELE202 Lecture 8 Congestion control 1 Lecturer Dr Z. Huang Overview ¥Last Lecture »X.25 »Source: chapter 10 ¥This Lecture »Congestion control »Source:

TELE202 Lecture 8 Congestion control 1 Lecturer Dr Z. Huang Overview ¥Last Lecture »X.25 »Source: chapter 10 ¥This Lecture »Congestion control »Source:
Congestion Control Algorithms

Congestion Control Algorithms
William Stallings Data and Computer Communications 7 th Edition Chapter 13 Congestion in Data Networks.

William Stallings Data and Computer Communications 7 th Edition Chapter 13 Congestion in Data Networks.
24-1 Chapter 24. Congestion Control and Quality of Service (part 1) 23.1 Data Traffic 23.2 Congestion 23.3 Congestion Control 23.4 Two Examples.

24-1 Chapter 24. Congestion Control and Quality of Service (part 1) 23.1 Data Traffic 23.2 Congestion 23.3 Congestion Control 23.4 Two Examples.
Sensor network Routing protocol A study on LEACH protocol and how to improve it.

Sensor network Routing protocol A study on LEACH protocol and how to improve it.
Part IV: BGP Routing Instability. March 8, 20042 BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.

Part IV: BGP Routing Instability. March 8, BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.
UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.

UNIT-IV Computer Network Network Layer. Network Layer Prepared by - ROHIT KOSHTA In the seven-layer OSI model of computer networking, the network layer.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
Path Optimization in Computer Networks Roman Ciloci.

Path Optimization in Computer Networks Roman Ciloci.
June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.

June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.

1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.
Criticisms of I3 Jack Lange. General Issues ► Design ► Performance ► Practicality.

Criticisms of I3 Jack Lange. General Issues ► Design ► Performance ► Practicality.
An Algebraic Approach to Practical and Scalable Overlay Network Monitoring Yan Chen, David Bindel, Hanhee Song, Randy H. Katz Presented by Mahesh Balakrishnan.

An Algebraic Approach to Practical and Scalable Overlay Network Monitoring Yan Chen, David Bindel, Hanhee Song, Randy H. Katz Presented by Mahesh Balakrishnan.
Traffic Engineering for ISP Networks Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Traffic Engineering for ISP Networks Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
The max-divergence of E’ is: Intuitively, p-divergence of d means that the probability of at least X E’,p edges occurring p-recently is 1/d A (maximal)

The max-divergence of E’ is: Intuitively, p-divergence of d means that the probability of at least X E’,p edges occurring p-recently is 1/d A (maximal)
1 End-to-End Detection of Shared Bottlenecks Sridhar Machiraju and Weidong Cui Sahara Winter Retreat 2003.

1 End-to-End Detection of Shared Bottlenecks Sridhar Machiraju and Weidong Cui Sahara Winter Retreat 2003.

Similar presentations

Ads by Google