Detecting anomalies accurately is fundamental to the rapid diagnosis and repair of problems. This paper proposes a novel anomaly detection system based on comparing real traffic against the DSNS (Digital Signature of Network Segment) generated by the BLGBA (Baseline for Automatic Backbone Management) model, within a hysteresis interval derived from the residual mean, and on the correlation of the detected deviations. Extensive experimental results on real network servers confirmed that the system detects anomalies on the monitored devices while avoiding a high false-alarm rate.
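The detection scheme sketched in the abstract, as an added Python illustration that is not the authors' code: a per-slot baseline signature with a hysteresis band derived from the residual mean, per-sample deviation flags, and an alarm raised only when deviations on two monitored counters coincide over consecutive slots. The band multiplier `k`, the minimum run length, and all baseline, history and observed values are constructed assumptions.

```python
"""Baseline-vs-traffic anomaly detection with hysteresis and correlation.

Added example (not from the paper). Each list holds one value per time slot
of a monitoring day; two counters (A and B) stand in for MIB-II variables.
"""
from statistics import mean

# Constructed sample data: baseline signature, a previous day used to size
# the band, and today's observations containing a correlated anomaly.
BASELINE_A = [100] * 8
HISTORY_A  = [102, 98, 101, 99, 103, 97, 100, 100]
OBSERVED_A = [101, 99, 110, 100, 120, 125, 130, 101]  # isolated spike at slot 2

BASELINE_B = [50] * 8
HISTORY_B  = [51, 49, 50, 52, 48, 50, 51, 49]
OBSERVED_B = [50, 50, 51, 50, 60, 62, 65, 50]         # deviates only in slots 4-6


def hysteresis_band(baseline, history, k=2.0):
    """Symmetric band around each baseline slot: +/- k times the residual mean.
    The residual mean is the average absolute gap between history and baseline
    (assumption: one global width, applied to every slot)."""
    residual_mean = mean(abs(h - b) for h, b in zip(history, baseline))
    return [(b - k * residual_mean, b + k * residual_mean) for b in baseline]


def deviations(observed, band):
    """1 where the observed sample leaves the band, 0 where it stays inside."""
    return [0 if lo <= x <= hi else 1 for x, (lo, hi) in zip(observed, band)]


def alarm_slots(dev_a, dev_b, min_run=2):
    """Correlate deviations: alarm only on slots where both counters deviate
    and the joint deviation persists for at least min_run consecutive slots.
    A spike seen on one counter alone is discarded as a likely false alarm."""
    joint = [int(a and b) for a, b in zip(dev_a, dev_b)]
    alarms, run = [], []
    for i, j in enumerate(joint + [0]):  # trailing 0 flushes the final run
        if j:
            run.append(i)
        else:
            if len(run) >= min_run:
                alarms.extend(run)
            run = []
    return alarms


def run_example():
    """Full pipeline over the constructed data; returns the alarmed slots."""
    dev_a = deviations(OBSERVED_A, hysteresis_band(BASELINE_A, HISTORY_A))
    dev_b = deviations(OBSERVED_B, hysteresis_band(BASELINE_B, HISTORY_B))
    return alarm_slots(dev_a, dev_b)


if __name__ == "__main__":
    print("alarm slots:", run_example())  # slot 2 is suppressed, 4-6 alarm
```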
ACKNOWLEDGEMENTS
Our thanks to the State of São Paulo Research Foundation (FAPESP), which supports this work.
Additional information
Bruno Bogaz Zarpelão received his B.S. degree in Computer Science from the State University of Londrina, Brazil. He is currently pursuing his Ph.D. in Electrical Engineering at the School of Electrical and Computer Engineering of the State University of Campinas, Brazil. His research interests include computer network management and operations, and anomaly detection using SNMP and MIB-II.
Leonardo de Souza Mendes received his B.S. degree in 1985 from Gama Filho University, Rio de Janeiro, his M.S. degree in 1987 from the Catholic University of Rio de Janeiro, and his Ph.D. degree in 1991 from Syracuse University, all in Electrical Engineering. In 1992 he joined the School of Electrical Engineering of the State University of Campinas, Brazil. Prof. Mendes's recent R&D focus is the study and development of communications engineering applications for metropolitan IP networks.
Mario Lemes Proença Jr. received his M.Sc. degree in Computer Science from the Computer Science Institute of the Federal University of Rio Grande do Sul, Porto Alegre, Brazil, in 1998 and his Ph.D. degree in Electrical Engineering from the School of Electrical and Computer Engineering of the State University of Campinas, Brazil, in 2005. His research interests include computer networks, network operations and management, and security. He is currently leader of the computer networks research group of the Computer Science Department of the State University of Londrina.
Cite this article
Zarpelão, B., Mendes, L. & Proença Jr., M. Anomaly Detection Aiming Pro-Active Management of Computer Network Based on Digital Signature of Network Segment. J Netw Syst Manage 15, 267–283 (2007). https://doi.org/10.1007/s10922-007-9064-y
DOI: https://doi.org/10.1007/s10922-007-9064-y