DocumentCode
1897510
Title
Anomaly Detection Using DSNS and a Dependency Graph for SNMP Objects
Author
Zarpelao, B.B. ; de Souza Mendes, Leonardo ; Proenca, Mario L.
Author_Institution
Sch. of Electr. & Comput. Eng., State Univ. of Campinas, Campinas
fYear
2008
fDate
8-13 June 2008
Firstpage
56
Lastpage
63
Abstract
This paper addresses the problem of detecting anomalies in computer networks. Anomalies are significant changes in traffic levels, which can cause grave consequences to the execution of services offered by the network. The main characteristics of the anomaly detection system proposed in this work are: (i) application of the DSNS (digital signature of network segment), in order to detect the traffic behavior deviations, and (ii) application of a dependency graph that represents the relations between the SNMP objects, in order to correlate the alarms generated for different objects. The results obtained from initial tests performed in a real environment were encouraging. They showed that our system is able to detect anomalies on the monitored network elements while avoiding a high false alarm rate.
Keywords
alarm systems; computer networks; telecommunication services; telecommunication traffic; DSNS; SNMP objects; anomaly detection system; digital signature of network segment; Alarm systems; Application software; Character generation; Computer crime; Computer networks; Computer science; Digital signatures; Object detection; Telecommunication computing; Telecommunication traffic; MIB-II; SNMP; anomaly detection; computer network management;
fLanguage
English
Publisher
ieee
Conference_Titel
Telecommunications, 2008. AICT '08. Fourth Advanced International Conference on
Conference_Location
Athens
Print_ISBN
978-0-7695-3162-5
Electronic_ISBN
978-0-7695-3162-5
Type
conf
DOI
10.1109/AICT.2008.22
Filename
4545504