TY - GEN
T1 - Real time distributed analysis of MPLS network logs for anomaly detection
AU - Macit, Muhammet
AU - Delibaş, Emrullah
AU - Karanlik, Bahtiyar
AU - Inal, Alperen
AU - Aytekin, Tevfik
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/6/30
Y1 - 2016/6/30
N2 - Large scale IP networks contain thousands of network devices such as routers and switches. Massive amounts of logging data are generated by these devices. Analysing this data is both a challenge and an opportunity for finding network problems. Moreover, large IP networks contain devices from different vendors, so it is important to build a system which can work with network devices of different brands. In this study we describe a distributed architecture which can retrieve, store, and process massive amounts of network logging data in real time. Using this architecture we also build a basic anomaly detection system. The system statistically models cumulative counts of logs for different event types for all the devices in the network. The statistical approach lets the system detect deviations from the normal behaviour without consulting expert knowledge. Our evaluations show that the system effectively handles massive amounts of data and detects anomalies.
AB - Large scale IP networks contain thousands of network devices such as routers and switches. Massive amounts of logging data are generated by these devices. Analysing this data is both a challenge and an opportunity for finding network problems. Moreover, large IP networks contain devices from different vendors, so it is important to build a system which can work with network devices of different brands. In this study we describe a distributed architecture which can retrieve, store, and process massive amounts of network logging data in real time. Using this architecture we also build a basic anomaly detection system. The system statistically models cumulative counts of logs for different event types for all the devices in the network. The statistical approach lets the system detect deviations from the normal behaviour without consulting expert knowledge. Our evaluations show that the system effectively handles massive amounts of data and detects anomalies.
KW - MPLS networks
KW - anomaly detection
KW - log mining
KW - streaming data
UR - http://www.scopus.com/inward/record.url?scp=84979788537&partnerID=8YFLogxK
U2 - 10.1109/NOMS.2016.7502891
DO - 10.1109/NOMS.2016.7502891
M3 - Conference contribution
AN - SCOPUS:84979788537
T3 - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
SP - 750
EP - 753
BT - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
A2 - Badonnel, Sema Oktug
A2 - Ulema, Mehmet
A2 - Cavdar, Cicek
A2 - Granville, Lisandro Zambenedetti
A2 - dos Santos, Carlos Raniery P.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016
Y2 - 25 April 2016 through 29 April 2016
ER -