Fault diagnosis in DSL networks using support vector machines

The adequate operation for a number of service distribution networks relies on the effective maintenance and fault management of their underlay DSL infrastructure. Thus, new tools are required in order to adequately monitor and further diagnose anomalies that other segments of the DSL network cannot identify due to the pragmatic issues raised by hardware or software misconfigurations. In this work we present a fundamentally new approach for classifying known DSL-level anomalies by exploiting the properties of novelty detection via the employment of one-class Support Vector Machines (SVMs). By virtue of the imbalance residing in the training samples that consequently lead to problematic prediction outcomes when used within two-class formulations, we adopt the properties of one-class classification and construct models for independently identifying and classifying a single type of a DSL-level anomaly. Given the fact that the greater number of the installed Digital Subscriber Line Access Multiplexers (DSLAMs) within the DSL network of a large European ISP were misconfigured, thus unable to accurately flag anomalous events, we utilize as inference solutions the models derived by the one-class SVM formulations built by the known labels as flagged by the much smaller number of correctly configured DSLAMs in the same network in order to aid the classification aspect against the monitored unlabeled events. By reaching an average over 95% on a number of classification accuracy metrics such as precision, recall and F-score we show that one-class SVM classifiers overcome the biased classification outcomes achieved by the traditional two-class formulations and that they may constitute as viable and promising components within the design of future network fault management strategies. In addition, we demonstrate their superiority over commonly used two-class machine learning approaches such as Decision Trees and Bayesian Networks that has been used in the same context within past solutions.

[1]  Yin Zhang,et al.  Rapid detection of maintenance induced changes in service performance , 2011, CoNEXT '11.

[2]  Miguel R. D. Rodrigues,et al.  Towards the improvement of diagnostic metrics Fault diagnosis for DSL-Based IPTV networks using the Rényi entropy , 2012, 2012 IEEE Global Communications Conference (GLOBECOM).

[3]  Xiaojin Zhu,et al.  --1 CONTENTS , 2006 .

[4]  T.E. Marques A symptom-driven expert system for isolating and correcting network faults , 1988, IEEE Communications Magazine.

[5]  Chih-Jen Lin,et al.  LIBSVM: A library for support vector machines , 2011, TIST.

[6]  Qi Zhao,et al.  Towards automated performance diagnosis in a large IPTV network , 2009, SIGCOMM '09.

[7]  E. Board Journal of Network and Systems Management , 2005, Journal of Network and Systems Management.

[8]  Carey L. Williamson,et al.  Identifying and discriminating between web and peer-to-peer traffic in the network core , 2007, WWW '07.

[9]  Zhi-Li Zhang,et al.  NEVERMIND, the problem is already fixed: proactively detecting and troubleshooting customer DSL problems , 2010, CoNEXT.

[10]  Christophe Diot,et al.  Diagnosing network-wide traffic anomalies , 2004, SIGCOMM.

[11]  Lawrence Bernstein,et al.  Expert systems in network management-the second revolution , 1988, IEEE J. Sel. Areas Commun..

[12]  A. Rau-Chaplin,et al.  DAD: a real-time expert system for monitoring of data packet networks , 1988, IEEE Network.

[13]  Heikki Mannila,et al.  Rule Discovery in Telecommunication Alarm Data , 1999, Journal of Network and Systems Management.

[14]  Bin Zhang,et al.  Defining clusters from a hierarchical cluster tree: the Dynamic Tree Cut package for R , 2008, Bioinform..

[15]  Pallapa Venkataram,et al.  Artificial intelligence approaches to network management: recent advances and a survey , 1997, Comput. Commun..

[16]  Vyas Sekar,et al.  An empirical evaluation of entropy-based traffic anomaly detection , 2008, IMC '08.

[17]  David Hutchison,et al.  Autonomic diagnosis of anomalous network traffic , 2010, 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[18]  L. Baum,et al.  A Maximization Technique Occurring in the Statistical Analysis of Probabilistic Functions of Markov Chains , 1970 .

[19]  Vladimir N. Vapnik,et al.  The Nature of Statistical Learning Theory , 2000, Statistics for Engineering and Information Science.

[20]  A Saritha,et al.  A system for detecting network intruders in real-time , 2016 .

[21]  D. Rubin,et al.  Maximum likelihood from incomplete data via the EM - algorithm plus discussions on the paper , 1977 .

[22]  Chih-Jen Lin,et al.  A Practical Guide to Support Vector Classication , 2008 .

[23]  Miguel R. D. Rodrigues,et al.  On the comprehension of DSL SyncTrap events in IPTV networks , 2013, 2013 IEEE Symposium on Computers and Communications (ISCC).

[24]  Anirban Mahanti,et al.  Traffic classification using clustering algorithms , 2006, MineNet '06.

[25]  Harris Drucker,et al.  Support vector machines for spam categorization , 1999, IEEE Trans. Neural Networks.

[26]  Zeljko Deljac,et al.  The use of Bayesian networks in recognition of faults causes in the BB networks , 2010, The 33rd International Convention MIPRO.

[27]  David Hutchison,et al.  Detection and mitigation of abnormal traffic behaviour in autonomic networked environments , 2008, CoNEXT '08.

[28]  A. A. Covo,et al.  AI-assisted telecommunications network management , 1989, IEEE Global Telecommunications Conference, 1989, and Exhibition. 'Communications Technology for the 1990s and Beyond.

[29]  Amar Gupta,et al.  Principles of Expert Systems , 1988 .

[30]  A. S. Sethi,et al.  Bibliography on network management , 1989, CCRV.

[31]  Malgorzata Steinder,et al.  A survey of fault localization techniques in computer networks , 2004, Sci. Comput. Program..

[32]  David Hutchison,et al.  Internet traffic classification using energy time-frequency distributions , 2013, 2013 IEEE International Conference on Communications (ICC).

[33]  D. Freedman,et al.  On the histogram as a density estimator:L2 theory , 1981 .

[34]  Bernhard Schölkopf,et al.  Support Vector Method for Novelty Detection , 1999, NIPS.

[35]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[36]  H. Lilliefors On the Kolmogorov-Smirnov Test for Normality with Mean and Variance Unknown , 1967 .

[37]  M. Aizerman,et al.  Theoretical Foundations of the Potential Function Method in Pattern Recognition Learning , 1964 .

[38]  Kar-Wing Edward Lor,et al.  A Network Diagnostic Expert System for Acculink Multiplexers Based on a General Network Diagnostic Scheme , 1993, IFIP/IEEE Symposium on Integrated Network Management.

[39]  Michalis Faloutsos,et al.  Internet traffic classification demystified: myths, caveats, and the best practices , 2008, CoNEXT '08.

[40]  Michael I. Jordan,et al.  Failure diagnosis using decision trees , 2004 .

[41]  David Hutchison,et al.  Unsupervised two-class & multi-class support vector machines for abnormal traffic characterization. , 2009 .

[42]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.

[43]  Yanqing Zhang,et al.  SVMs Modeling for Highly Imbalanced Classification , 2009, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).