Early detection for networking anomalies using non-adaptive group testing

Monitoring operation of thousands of servers and network devices on big data centers or server farms are very important roles for administrators to ensure that it well-operates, early detection of anomalies, fast errors correcting and decreasing discontinuous network. Network monitoring system detects anomalies such as attacks, states of hosts or services, resources. The aim of this is recognizes network faults and attacks quickly. A method widely used for almost network monitoring systems is setup agents on servers, network devices and then establishing connections between them and monitoring servers using some protocols such as ICMP and SNMP. These servers send periodic requests to agents to get reports or agents send traps to network monitoring servers. With this method, it must long time to alert. We propose a solution to fast detecting some anomalies such as servers or devices operate with high frequency (called “hot IPs”) and low frequency (called “low IPs”) and it works independently to early warning for these anomalies using non-adaptive group testing method. In particular, if dealing with up to 260,000 IPs, we can detect up to 31 hot and low IPs within 2.5 minutes.