Title :
Three levels network analysis for anomaly detection
Author :
Zarpelão, Bruno B. ; Mendes, Leonardo S. ; Proença, Mario L., Jr. ; Rodrigues, Joel J P C
Author_Institution :
Sch. of Electr. & Comput. Eng., Univ. of Campinas (UNICAMP), Campinas, Brazil
Abstract :
Anomaly detection is fundamental to ensure reliability and security in computer networks. In this work, it is proposed an anomaly detection system that monitors the network in three different levels. In the first one, data is collected from simple network management protocol (SNMP) objects and compared to profiles of normal traffic, in order to detect behavior changes. Second level of analysis includes a dependency graph that represents the relationships between SNMP objects. It is used to analyze first level alerts, confirming the occurrence of anomalies in device level. In the third level of analysis, second level alerts are grouped according to network topology information, and network administrators are informed about the context where the anomaly occurred. Tests were performed in a real network environment and good results were obtained.
Keywords :
computer network management; computer network reliability; graph theory; protocols; telecommunication network topology; telecommunication security; telecommunication traffic; SNMP objects; anomaly detection; computer network reliability; computer network security; dependency graph; first level alert analysis; network topology information; simple network management protocol; three level network analysis; traffic analysis; Computer displays; Computer network management; Computer network reliability; Computer security; Data security; Information analysis; Network topology; Object detection; Protocols; Telecommunication traffic;
Conference_Titel :
Software, Telecommunications & Computer Networks, 2009. SoftCOM 2009. 17th International Conference on
Conference_Location :
Hvar
Print_ISBN :
978-1-4244-4973-6
Electronic_ISBN :
978-953-290-015-6
