Application Error Detection in Networks by Protocol Behavior Model

Identifying the causes of errors in network systems is difficult because of their inherent complexity. Network administrators usually rely on the available information sources to analyze the current situation and identify possible problems. Even though they can recognize symptoms seen in the past, and thus apply the experience gathered from solved cases, the time needed to identify and correct errors is considerable. Automating the troubleshooting process is a way to reduce the time spent on individual cases. This paper presents a model that can be used to automate the diagnostic process of network communication. The model is based on building a finite automaton that describes protocol behavior in various situations. Unknown communication is checked against the model to identify error states and the associated descriptions of their causes. A tool prototype was implemented to demonstrate the proposed method in a set of experiments.
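
As an added illustration (not the paper's implementation or tool), the sketch below builds a prefix-tree automaton from labelled traces and checks an unknown communication against it, returning the cause attached to any error state it reaches. The SMTP-style event names, the sample traces and the cause descriptions are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class State:
    edges: dict = field(default_factory=dict)  # event -> next State
    error: str = ""      # cause description; non-empty marks an error state
    final: bool = False  # a correct training trace ended here

class ProtocolModel:
    """Prefix-tree automaton learned from labelled event traces."""
    def __init__(self):
        self.root = State()

    def learn(self, trace, error=""):
        """Add one trace; pass `error` to label its last state with a cause."""
        state = self.root
        for event in trace:
            state = state.edges.setdefault(event, State())
        if error:
            state.error = error
        else:
            state.final = True

    def diagnose(self, trace):
        """Walk an unknown trace through the model and return (verdict, detail)."""
        state = self.root
        for step, event in enumerate(trace):
            if event not in state.edges:
                # Behavior never seen in training: the model cannot name a cause.
                return ("unknown", f"no transition for {event} at step {step}")
            state = state.edges[event]
            if state.error:
                return ("error", state.error)
        if state.final:
            return ("ok", "")
        return ("incomplete", f"stopped after {len(trace)} events")

# Constructed sample: one correct session as "request/reply-code" events.
OK = ["CONNECT/220", "EHLO/250", "MAIL/250", "RCPT/250",
      "DATA/354", "BODY/250", "QUIT/221"]

def build_sample_model():
    model = ProtocolModel()
    model.learn(OK)
    # Constructed faulty sessions, each labelled with a cause description.
    model.learn(OK[:3] + ["RCPT/550"], "recipient rejected by server")
    model.learn(OK[:2] + ["MAIL/530"], "authentication required before MAIL")
    return model
```

A trace that leaves the learned automaton is reported as unknown rather than as an error, which keeps unseen but possibly legitimate behavior separate from diagnosed faults.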
