Conference Paper

Implementing a Generalized Tool for Network Monitoring.

Conference: Proceedings of the 11th Conference on Systems Administration (LISA-97), San Diego, California, USA, October 26-31, 1997
Source: DBLP
  • ABSTRACT: Effective network monitoring is vital for a growing number of control and management applications typically found in present-day networks. The ever-increasing link speeds and the complexity of monitoring applications’ needs have exposed severe limitations of existing monitoring techniques. A majority of the current monitoring tasks require only a small subset of all observed packets, which share some common properties such as identical header fields or similar patterns in their data. In order to capture only these useful packets, a large set of expressions needs to be evaluated. This evaluation should be done as efficiently as possible when monitoring multi-gigabit networks. To speed up this packet classification process, this article presents different packet filter optimization techniques. Complementary to existing approaches, we propose an adaptive optimization algorithm which dynamically reconfigures the filter expressions based on the currently observed traffic pattern. The performance of the algorithms is validated both analytically and by means of the implementation in a network monitoring framework. The various characteristics of the algorithms are investigated, including their performance in an operational network intrusion detection system.
    annals of telecommunications - annales des télécommunications 03/2007; 62(3-4). · 0.57 Impact Factor
  • ABSTRACT: Biology has succeeded in solving many computational and communication problems in the natural world, and computer users are ever inspired by its apparently ingenious creativity. Today scientists are building artificial immune systems and discussing autonomic computing, with self-healing, self-anything systems. We discuss the relevance and efficacy of these approaches. Are they better than classical software engineering design?
    Information Security Technical Report 01/2007; 12(4):192-199.
  • ABSTRACT: The competitive business climate and the complexity of IT environments dictate efficient and cost-effective service delivery and support of IT services. These are largely achieved by automating routine maintenance procedures, including problem detection, determination and resolution. System monitoring provides an effective and reliable means for problem detection. Coupled with automated ticket creation, it ensures that a degradation of the vital signs, defined by acceptable thresholds or monitoring conditions, is flagged as a problem candidate and sent to supporting personnel as an incident ticket. This paper describes an integrated framework for minimizing false positive tickets and maximizing the monitoring coverage for system faults. In particular, the integrated framework defines monitoring conditions and the optimal corresponding delay times based on an off-line analysis of historical alerts and incident tickets. Potential monitoring conditions are built on a set of predictive rules which are automatically generated by a rule-based learning algorithm with coverage, confidence and rule complexity criteria. These conditions and delay times are propagated as configurations into run-time monitoring systems. Moreover, a part of misconfigured monitoring conditions can be corrected according to false negative tickets that are discovered by another text classification algorithm in this framework. This paper also provides implementation details of a program product that uses this framework and shows some illustrative examples of successful results.
    Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining; 08/2013