Community Research and Development Information Service - CORDIS

Final Activity and Management Report Summary - CAG (Network management of traffic monitoring infrastructure)

The project designed a configuration system for dynamically managing and reconfiguring network traffic monitoring probes. The work focused on modern traffic flow monitoring probes based on flexible NetFlow and IPFIX. We designed an architecture for managing probes and implemented an associated system useful for various applications, such as anomaly detection or dependency extraction, that benefit substantially from dynamically varying network monitoring parameters. Furthermore, we developed a novel anomaly detection technique called the entropy telescope.

Our entropy telescope provides better detection accuracy than the widely known detectors based on Shannon's entropy and, in addition, can accurately classify the type of a detected anomaly. We also introduced a novel method for automatically finding dependencies between network service components.

Our work was extensively evaluated with real-world NetFlow traces from a backbone network and performed exceptionally well with respect to a number of evaluation parameters.
