Inference of network anomaly propagation using spatio-temporal correlation

Journal of Network and Computer Applications

Volumn 35, Issue 6, 2012, Pages 1781-1792

  Amaral, Alexandre Aguiar ^a   Zarpelão, Bruno Bogaz ^a   Mendes, Leonardo De Souza ^a   Rodrigues, Joel José Puga Coelho ^b   Proença Jr , Mario Lemes ^c  

^a UNIVERSITY OF CAMPINAS   (Brazil)

^b UNIVERSITY OF BEIRA INTERIOR   (Portugal)

^c STATE UNIVERSITY OF LONDRINA   (Brazil)

Author keywords

Alarms; Anomaly propagation; DSNS; Noisy alarm

Indexed keywords

ALARM CORRELATION; ALARM REDUCTION; ALARMS; ANOMALY PROPAGATION; DSNS; GRAPHIC TOOL; NETWORK ADMINISTRATOR; NETWORK ANOMALIES; NETWORK ELEMENT; NETWORK STATUS; NETWORK TOPOLOGY; NOISY ALARM; ORIGIN AND DESTINATIONS; REAL TRAFFIC; ROOT CAUSE ANALYSIS; SPATIOTEMPORAL CORRELATION; TEMPORAL ATTRIBUTES; THREE-LAYER; VOLUME ANOMALIES;

ELECTRIC NETWORK TOPOLOGY; VISUALIZATION;

ALARM SYSTEMS;

EID: 84867519215     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2012.07.003     Document Type: Article

References (27)

1. M. Al-Kasassbeh, and M. Adda Network fault detection with Wiener filter-based agent Journal of Network and Computer Applications 32 4 2009 824 833
2. S.O. Al-Mamory, and H. Zhang Intrusion detection alarms reduction using root cause analysis and clustering Computer Communications 32 2 2009 419 430
3. Bellec JH, Kechadi MT. Towards a formal model for the network alarm correlation problem. In: Proceedings of the 6th WSEAS international conference on simulation, modeling and optimization, 2006, p. 458-63.
4. Costa R, Cachulo N, Cortez P. An intelligent alarm management system for large-scale telecommunication companies. In: Proceedings of the EPIA, 2009. p. 386-99.
5. Chyssler T, Burschak S, Semling M, Lingvall T, Burbeck K. Alarm reduction and correlation in intrusion detection systems. In: Proceedings of the detection of intrusions and malware & vulnerability assessment, GI SIG SIDAR workshop, vol. 46 of LNI, 2004. p. 9-24.
6. T. Cover, and J. Thomas Elements of information theory second ed. 2006 John Wiley & Sons
7. X.D. Hoang, J. Hu, and P. Bertok A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference Journal of Network and Computer Applications 32 6 2009 1219 1228
8. JUNG, Java Universal Network/Graph Framework. Available in: 〈http://jung.sourceforge.net/〉 (accessed 21.01.11).
9. I. Katzela, and M. Schwartz Schemes for fault identification in communication networks IEEE/ACM Transactions on Networking 3 1995 753 764
10. T. Li, and X. Li Novel alarm correlation analysis system based on association rules mining in telecommunication networks Proceedings of Information Sciences 108 16 2010 2960 2978
11. Y. Liao, V.R. Vemuri, and A. Pasos Adaptive anomaly detection with evolving connectionist systems Journal of Network and Computer Applications 30 1 2007 60 80
12. Mohamed AA, Basir O. Fusion based approach for distributed alarm correlation. In: Proceedings of the 2010s international conference on communication software and networks, 2010. p. 318-24.
13. L. Monacelli, and G. Reali Evolution of the codebook technique for automatic fault localization IEEE Communications Letters 15 4 2011 464 466
14. Ostinato. Packet/Traffic Generator and Analyzer. Available in: 〈http://code.google.com/p/ostinato/〉 (accessed 02.02.11).
15. Proença MLJr., Zarpelão BB, Mendes LS. Anomaly detection for network servers using digital signature of network segment. In: Advanced industrial conference on telecommunications, Lisboa. Advanced ICT 2005 proceedings - IEEE Computer Society, 2005. p. 290-5.
16. R. Perdisci, G. Giacinto, and F. Roli Alarm clustering for intrusion detection systems in computer networks. Engineering Applications of Artificial Intelligence Journal Engineering Applications of Artificial Intelligence 19 4 2006 429 438
17. T. Qin, X. Guan, W. Li, P. Wang, and Qiuzhen Huang Monitoring abnormal network traffic based on blind source separation approach Journal of Network and Computer Applications 34 5 2011 1732 1742
18. M. Steinder, and A.A. Sethi A survey of fault localization techniques in computer networks Science of Computer Programming 53 2 2004 165 194
19. Tellenbach B, Burkhart M, Sornette D, Maillart T. Beyond Shannon: characterizing internet traffic with generalized entropy metrics. In: Proceedings of the 10th international conference on passive and active network measurement, 2009. p. 239-48.
20. C. Tsallis Possible generalization of Boltzmann-Gibbs statistics Statistical Physics 52 1-2 1988 479 487
21. G.C. Tjhai, S. Furnell, M. Papadaki, and N.L. Clarke A preliminary two-stage alarm correlation and filtering system using SOM neural network and K-means algorithm Proceedings of Computers & Security 2010 712 723
22. M. Thottan, and C. Ji Anomaly detection in IP networks IEEE Transactions on Signal Processing 51 2003 2191 2204
23. Y. Tang, E. Al-Shaer, and R. Boutaba Efficient fault diagnosis using incremental alarm correlation and active investigation for internet and overlay networks IEEE Transactions on Network and Service Management 5 1 2008 36 49
24. P. Varga, and I. Moldovan Integration of service-level monitoring with fault management for end-to-end multi-provider ethernet services Proceedings of the IEEE Transactions on Network and Service Management 2007 28 38
25. A. Ziviani, A.T.A. Gomes, M.L. Monsores, P.S.S. Rodrigues, and A. Gomes Network anomaly detection using nonextensive entropy IEEE Communications Letters 11 12 2007 1034 1036
26. Zarpelão BB, Mendes LS, Proença ML Jr, Rodrigues JPC. Parameterized anomaly detection system with automatic configuration, IEEE global communications conference (IEEE GLOBECOM 2009), Communications Software and Services Symposium, Honolulu, Hawaii, USA, 2009.
27. C.V. Zhou, C. Leckie, and S. Karunasekera Decentralized multi-dimensional alert correlation for collaborative intrusion detection Journal of Network and Computer Applications 32 5 2009 1106 1123