Title :
Network anomaly diagnosis via statistical analysis and evidential reasoning
Author :
Samaan, Nancy ; Karmouch, Ahmed
Author_Institution :
Sch. of Inf. Technol. & Eng. (SITE), Univ. of Ottawa, Ottawa, ON
Date :
6/1/2008 12:00:00 AM
Abstract :
This paper investigates the efficiency of diagnosing network anomalies using concepts of statistical analysis and evidential reasoning. A bi-cycle of auto-regression is first applied to model increments in the values of network monitoring variables to accurately detect network anomalies. To classify the root-cause of the detected anomalies, concepts of evidential reasoning of Dempster-Shafer theory are employed; the root-cause of a network failure is inferred by gathering pieces of evidence concerning different groups of candidate failures obtained from a training set of detected anomalies and their corresponding root-causes. These groups are then refined to infer the exact cause of failure when evidence accumulates using the Dempster rule of combinations. To handle cases of imbalanced training sets, two new approaches for assigning belief values to different anomaly classes are also proposed. Performance analysis and results demonstrate the accuracy of the proposed scheme in detecting anomalies using real data.
Keywords :
computer network management; inference mechanisms; security of data; statistical analysis; telecommunication security; Dempster-Shafer theory; auto-regression; evidential reasoning; network anomaly detection; network anomaly diagnosis; network failure; network management; network monitoring variables; performance analysis; statistical analysis; Condition monitoring; Humans; Management training; Manufacturing; Medical services; Mission critical systems; Performance analysis; Protocols; Statistical analysis; Transportation; Anomaly detection; Dempster-Shafer theory; network management;
Journal_Title :
Network and Service Management, IEEE Transactions on
DOI :
10.1109/TNSM.2008.021103