Automatically identifying the sources of large Internet events

The Internet occasionally experiences large disruptions, arising from both natural and manmade disturbances, and it is of significant interest to develop methods for locating within the network the source of a given disruption (i.e., the network element(s) whose perturbation initiated the event). This paper presents a near real-time approach to realizing this logical localization objective. The proposed methodology consists of three steps: 1.) data acquisition/preprocessing, in which publicly available measurements of Internet activity are acquired, “cleaned”, and assembled into a format suitable for computational analysis, 2.) event characterization via tensor factorization-based time series analysis, and 3.) localization of the source of the disruption through graph theoretic analysis. This procedure provides a principled, automated approach to identifying the root causes of network disruptions at “whole-Internet” scale. The considerable potential of the proposed analytic method is illustrated through a computer simulation study and empirical analysis of a recent, large-scale Internet disruption.