• DocumentCode
    2220025
  • Title

    Three levels network analysis for anomaly detection

  • Author

    Zarpelão, Bruno B. ; Mendes, Leonardo S. ; Proença, Mario L., Jr. ; Rodrigues, Joel J P C

  • Author_Institution
    Sch. of Electr. & Comput. Eng., Univ. of Campinas (UNICAMP), Campinas, Brazil
  • fYear
    2009
  • fDate
    24-26 Sept. 2009
  • Firstpage
    281
  • Lastpage
    285
  • Abstract
    Anomaly detection is fundamental to ensuring reliability and security in computer networks. In this work, an anomaly detection system is proposed that monitors the network at three different levels. At the first level, data is collected from Simple Network Management Protocol (SNMP) objects and compared to profiles of normal traffic in order to detect behavior changes. The second level of analysis includes a dependency graph that represents the relationships between SNMP objects. It is used to analyze first-level alerts, confirming the occurrence of anomalies at the device level. At the third level of analysis, second-level alerts are grouped according to network topology information, and network administrators are informed about the context in which the anomaly occurred. Tests were performed in a real network environment and good results were obtained.
  • Keywords
    computer network management; computer network reliability; graph theory; protocols; telecommunication network topology; telecommunication security; telecommunication traffic; SNMP objects; anomaly detection; computer network reliability; computer network security; dependency graph; first level alert analysis; network topology information; simple network management protocol; three level network analysis; traffic analysis; Computer displays; Computer network management; Computer network reliability; Computer security; Data security; Information analysis; Network topology; Object detection; Protocols; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software, Telecommunications & Computer Networks, 2009. SoftCOM 2009. 17th International Conference on
  • Conference_Location
    Hvar
  • Print_ISBN
    978-1-4244-4973-6
  • Electronic_ISBN
    978-953-290-015-6
  • Type

    conf

  • Filename
    5306888