Artículos de revistas
Inference of network anomaly propagation using spatio-temporal correlation
Registro en:
Journal Of Network And Computer Applications. Academic Press Ltd- Elsevier Science Ltd, v. 35, n. 6, n. 1781, n. 1792, 2012.
1084-8045
WOS:000310670100011
10.1016/j.jnca.2012.07.003
Autor
Amaral, AA
Zarpelao, BB
Mendes, LD
Rodrigues, JJPC
Proenca, ML
Institución
Resumen
Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq) Many solutions have been proposed for network alarm correlation. However, they mainly have focused on alarm reduction and on root cause analysis. This paper presents an automated alarm correlation system composed of three layers, which obtains raw alarms and presents to network administrator a wide view of the scenario affected by the volume anomaly. In the preprocessing layer, it is performed the alarm compression using their spatial and temporal attributes, which are reduced into a unique alarm named Device Level Alarm (DLA). The correlation layer aims to infer the anomaly propagation path and its origin and destination using DLAs and network topology information. The presentation layer provides the visualization of the path and network elements affected by the anomaly propagation. Moreover, it is presented the Anomaly Propagation View (APV), a graphic tool developed to provide a wide visualization of the network status. In order to evaluate the effectiveness of the proposed solution, it was used real traffic data from State University of Londrina. (c) 2012 Elsevier Ltd. All rights reserved. 35 6 1781 1792 Instituto de Telecomunicacoes, Next Generation Networks and Applications Group (NetGNA), Portugal FCT-Fundacao para a Ciencia e a Tecnologia [PEst-OE/EEI/LA0008/2011] SETI/Fundacao Araucaria Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq) Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq) FCT-Fundacao para a Ciencia e a Tecnologia [PEst-OE/EEI/LA0008/2011]