Challenge identification for network resilience

It is widely agreed that the Internet needs to become more resilient to a range of challenges that can seriously impact the normal operation of the network and networked services. Challenges include malicious attacks, misconfigurations, accidental faults and operational overloads. Our starting point in this paper is an overall strategy for network resilience, which draws on mechanisms, either existing or under development, that can be used to maintain acceptable levels of operation in the event of challenges. A crucial part of this strategy is the identification of challenges in real time, followed by the application of appropriate remedial action. In this paper, we motivate and describe a new approach to challenge identification that goes beyond current techniques for attack, anomaly or fault detection. We describe our proposed approach in the context of known network challenge scenarios and identify the gaps in the state of the art that our work is filling. We indicate its validity by showing how it can address the challenge of interference in wireless mesh networks.
