Accepted paper in DSN 2014

Post date: Apr 1, 2014 2:39:06 PM

Emmanuelle Anceaume, Yann Busnel, Erwan Le Merrer, Romaric Ludinard, Jean-Louis Marchand, Bruno Sericola.

Anomaly Characterization in Large Scale Networks.

In the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014), Atlanta, GA, USA, June 2014.

Abstract

The context of this work is the online characterization of anomalies in large scale systems. In particular, we address the following question: Given two successive configurations of the system, can we distinguish massive anomalies from isolated ones, the former ones impacting a large number of nodes while the second ones affect solely a small number of them, or even a single one? The rationale of this question is twofold. First, from a theoretical point of view, we characterize anomalies with respect to their neighborhood, and we show that there are anomaly scenarios for which isolated and massive anomalies are indistinguishable from an omniscient observer's point of view. We then relax the definition of this problem by introducing unresolved configurations, and exhibit necessary and sufficient conditions that allow any node to determine the type of anomaly it has been impacted by. This condition only depends on the close neighborhood of each node and thus is locally computable. We present an algorithm that implements this condition. We show through extensive simulations the performance of our algorithm. From a practical point of view, distinguishing isolated anomalies from massive ones is of utmost importance for network providers. For instance, regarding Internet service providers that operate millions of home gateways, it would be very interesting to have procedures that allow gateways to self-distinguish whether their dysfunction is caused by network-level anomalies or by their own hardware or software, and to notify the service provider only in the latter case.

Keywords

Network monitoring, anomaly detection, diagnosis.