Fault detection in an Ethernet network using anomaly signature matching

In an Ethernet network, a common type of failure is the temporary or extended loss of bandwidth, or soft failure as it is referred to in the literature. Though the causes of soft failures vary, to the network user such failures are perceived as noticeably degraded or anomalous performance. This work uses anomaly detection as a means to signal performance degradations that are indicative of network soft failures. Detection is done via a signature matching mechanism, called a fault feature vector, which detects the occurrence of a fault by looking for anomaly conditions particular to that fault. In a two-year study of the Carnegie Mellon University Computer Science Network, the fault feature vector mechanism proved effective in detecting faults and discriminating between fault types. This mechanism was also effective at abstracting large amounts of network data to only those events which warranted operator attention; in this two-year study, over 32 million monitored data points were reduced to under two hundred event matchings.
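
The following sketch illustrates the idea of matching per-interval anomaly conditions against per-fault signatures. It is an added example, not code or data from the study: the metric names, the two signatures, the 3-sigma threshold and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Hypothetical signatures (not from the study): a fault matches when every
# anomaly condition listed for it is present in the same interval.
SIGNATURES = {
    "broadcast_storm": {("broadcasts", "high"), ("load", "high")},
    "runt_flood": {("collisions", "high"), ("runts", "high")},
}

def baseline(history):
    """Per-metric (mean, stdev) learned from a window of normal intervals."""
    return {m: (mean(s[m] for s in history), stdev(s[m] for s in history))
            for m in history[0]}

def anomaly_vector(sample, base, k=3.0):
    """Set of (metric, direction) conditions deviating more than k sigma."""
    vec = set()
    for metric, value in sample.items():
        mu, sigma = base[metric]
        if abs(value - mu) > k * sigma:
            vec.add((metric, "high" if value > mu else "low"))
    return vec

def match_faults(samples, base):
    """Return (interval index, fault name) for each fully matched signature."""
    events = []
    for i, sample in enumerate(samples):
        vec = anomaly_vector(sample, base)
        events += [(i, name) for name, sig in SIGNATURES.items() if sig <= vec]
    return events

# Constructed sample data: 20 normal intervals, then 7 monitored intervals.
HISTORY = [{"load": 30 + i % 5, "collisions": 10 + i % 3,
            "broadcasts": 50 + i % 4, "runts": 1 + i % 2} for i in range(20)]
NORMAL = {"load": 32, "collisions": 11, "broadcasts": 51, "runts": 1}
MONITORED = [
    NORMAL, NORMAL,
    {**NORMAL, "load": 85, "broadcasts": 900},   # two conditions: storm
    NORMAL,
    {**NORMAL, "load": 60},                      # lone anomaly, no signature
    {**NORMAL, "collisions": 200, "runts": 60},  # two conditions: runt flood
    NORMAL,
]

if __name__ == "__main__":
    events = match_faults(MONITORED, baseline(HISTORY))
    print(f"{len(MONITORED) * len(NORMAL)} data points -> {len(events)} events: {events}")
```

The lone load spike in interval 4 is anomalous but matches no signature, so it produces no event; this is the filtering step that reduces raw data points to the few events needing operator attention.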