IP forwarding anomalies and improving their detection using multiple data sources
| dc.contributor.author | Roughan, M. | |
| dc.contributor.author | Griffin, T. | |
| dc.contributor.author | Mao, M. | |
| dc.contributor.author | Greenberg, A. | |
| dc.contributor.author | Freeman, B. | |
| dc.contributor.conference | Association for Computing Machinery Special Interest Group on Data Communication conference (2004 : Portland, Oregon) | |
| dc.contributor.editor | Bennett, J. | |
| dc.contributor.editor | Allman, M. | |
| dc.date.issued | 2004 | |
| dc.description | Copyright 2004 ACM | |
| dc.description.abstract | IP forwarding anomalies, triggered by equipment failures, implementation bugs, or configuration errors, can significantly disrupt and degrade network service. Robust and reliable detection of such anomalies is essential to rapid problem diagnosis, problem mitigation, and repair. We propose a simple, robust method that integrates routing and traffic data streams to reliably detect forwarding anomalies, and report on the evaluation of the method in a tier-1 ISP backbone. First, we transform each data stream separately, to produce informative alarm indicators. A forwarding anomaly is then signalled only if the indicators for both streams indicate anomalous behavior concurrently. The overall method is scalable, automated and self-training. We find this technique effectively identifies forwarding anomalies, while avoiding the high false alarms rate that would otherwise result if either stream were used unilaterally. | |
| dc.description.statementofresponsibility | Matthew Roughan, Tim Griffin, Z. Morley Mao, Albert Greenberg, Brian Freeman | |
| dc.identifier.citation | Proceedings of ACM SIGCOMM 2004 : Portland/Oregon/USA, August 30-September 3, 2004 : Conference on Computer Communications, pp. 307-312 | |
| dc.identifier.doi | 10.1145/1016687.1016703 | |
| dc.identifier.isbn | 1581138628 | |
| dc.identifier.orcid | Roughan, M. [0000-0002-7882-7329] | |
| dc.identifier.uri | http://hdl.handle.net/2440/28999 | |
| dc.language.iso | en | |
| dc.publisher | ACM | |
| dc.publisher.place | Oregon, USA | |
| dc.source.uri | https://doi.org/10.1145/1016687.1016703 | |
| dc.title | IP forwarding anomalies and improving their detection using multiple data sources | |
| dc.type | Conference paper | |
| pubs.publication-status | Published |