Journal: International Journal of Computer Science and Network Security
Print ISSN: 1738-7906
Publication year: 2006
Volume: 6
Issue: 5B
Pages: 194-202
Publisher: International Journal of Computer Science and Network Security
Abstract: Anomaly detection is essential because it allows a rapid reaction to problems and helps assure performance and security in computer networks. This paper presents an anomaly detection system based on: (i) the traffic characterization performed by the BLGBA model, which is responsible for the DSNS generation; (ii) an alarm system that compares the DSNS with the real movement obtained in SNMP objects, sending alarms to a correlation system when a behavior deviation is detected; (iii) a correlation system based on a directed graph that represents the possible paths of anomaly propagation through the SNMP objects in a network element. Three years of data collected from the State University of Londrina network were used to evaluate this anomaly detection system. The results were encouraging and confirmed that our system is able to detect anomalies on the monitored network elements while avoiding a high false alarm rate.