An improved network performance anomaly detection and localization algorithm

In this paper, we introduce a network performance anomaly detection and localization method based on active probing, aiming at avoiding waste of unnecessary probes and reducing detecting time by decreasing selecting rounds in detection phase. We propose a method of classifying detection strategies in order to find a balance between extra calculation and link load. Also we optimized the procedures of one of the strategies so that instead of finding a local optimal solution, we get a global optimal approach. An algorithm that can adapt to multi anomaly link networks is proposed and several issues during detection phase were being discussed. Finally we simulate a former representative algorithm and our improved method on different network topologies. The results show that our improved algorithm outperforms the former one in both probe selecting rounds during detection phase by 10%.

[1]  Renata Teixeira,et al.  NetDiagnoser: troubleshooting network unreachabilities using end-to-end probes and routing data , 2007, CoNEXT '07.

[2]  Paul Barford,et al.  Network Performance Anomaly Detection and Localization , 2009, IEEE INFOCOM 2009.

[3]  Rajeev Rastogi,et al.  Robust Monitoring of Link Delays and Faults in IP Networks , 2003, IEEE/ACM Transactions on Networking.

[4]  John S. Heidemann,et al.  A framework for classifying denial of service attacks , 2003, SIGCOMM '03.

[5]  Paul Barford,et al.  A signal analysis of network traffic anomalies , 2002, IMW '02.

[6]  Maitreya Natu,et al.  Application of adaptive probing for fault diagnosis in computer networks , 2008, NOMS 2008 - 2008 IEEE Network Operations and Management Symposium.

[7]  M. Natu,et al.  Efficient Probing Techniques for Fault Diagnosis , 2007, Second International Conference on Internet Monitoring and Protection (ICIMP 2007).

[8]  Mark Crovella,et al.  Diagnosing network-wide traffic anomalies , 2004, SIGCOMM '04.