

Anomaly detection in computer networks

Author(s):
Bruno Bogaz Zarpelão
Total Authors: 1
Document type: Doctoral Thesis
Press: Campinas, SP.
Institution: Universidade Estadual de Campinas (UNICAMP). Faculdade de Engenharia Elétrica e de Computação
Defense date:
Examining board members:
Leonardo de Souza Mendes; Rodolfo Miranda de Barros; Taufik Abrão; Mauricio Ferreira Magalhães; Renato Baldini Filho
Advisor: Leonardo de Souza Mendes; Mario Lemes Proença Junior
Abstract

Anomalies in computer networks are unexpected and significant deviations in network traffic caused by situations such as software bugs, unfair resource usage, failures, misconfiguration and attacks. This work proposes an anomaly detection system based on three levels of analysis. The first level compares the data collected from SNMP (Simple Network Management Protocol) objects with a profile of the network's normal behavior. The second level correlates the alarms generated by the first level using a dependency graph that represents the relationships between the SNMP objects. The third level correlates the second-level alarms using network topology information and generates a third-level alarm that presents the anomaly's propagation path through the network. Tests were performed on the State University of Londrina network, covering real situations. Results showed that the proposal presents low false positive rates and high detection rates. Moreover, the proposed system is able to correlate alarms generated for SNMP objects at different places in the network, producing smaller sets of alarms that offer the network administrator a wide view of the problem (AU)