NOMAD: traffic-based network monitoring framework for anomaly detection
| Published in | Computers and Communications: Proceedings: 4th International Symposium, Held in Egypt, 1999 pp. 442 - 451 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE 1999 |
| ISBN | 0769502504 9780769502502 |
| DOI | 10.1109/ISCC.1999.780942 |
| Summary: | Network performance monitoring is essential for managing a network efficiently and for ensuring reliable operation of the network. In this paper we introduce a scalable network monitoring framework, (NOMAD), that detects network anomalies through the characterization of the dynamic statistical properties of network traffic. NOMAD relies on high resolution measurements and on-line analysis of network traffic to provide real-time alarms in the incipient phase of network anomalies. It incorporates a suite of anomaly identification algorithms based on path changes, flow shift, and packet delay variance, and relies extensively on IP packet header information, such as TTL, source/destination address and packet length, and router's timestamps. NOMAD can be deployed in a single backbone router or incrementally in a regional or large scale network for detecting and locating network anomalies by correlating spatial and temporal network state information. |
|---|---|