Archive for June, 2002

Network Management as a Strategy for Evolution and Development: A Report from LANOMS 2001

by Nogueira, Jose Marcos; Loureiro, Antonio A. F.

DOI: 10.1023/A:1015967000840
Print publication date: 6/1/2002

Forthcoming Contributions

DOI: 10.1023/A:1015915018258
Print publication date: 6/1/2002

Management for eBusiness in the New Millennium: A Report on APNOMS 2001

by Chen, G.; Varadharajan, V.; Ray, P.; Zuluaga, P.

DOI: 10.1023/A:1015962901420
Print publication date: 6/1/2002

Proactive Intrusion Detection and Distributed Denial of Service Attacks—A Case Study in Security Management

by Cabrera, João B. D.; Lewis, Lundy; Qin, Xinzhou; Lee, Wenke; Mehra, Raman K.

Little or no integration exists today between Intrusion Detection Systems (IDSs) and SNMP-based Network Management Systems (NMSs), in spite of the extensive monitoring and alarming capabilities offered by commercial NMSs. This difficulty is mainly associated with the distinct data sources used by the two systems: packet traffic and audit records for IDSs and SNMP MIB variables for NMSs. In this paper we propose and evaluate a methodology for utilizing NMSs for the early detection of Distributed Denial of Service attacks (DDoS). A principled approach is described for discovering precursors to DDoS attacks in databases formed by MIB variables recorded from multiple domains in networked information systems. The approach is rooted in time series quantization, and in the application of the Granger Causality Test of classical statistics for selecting variables that are likely to contain precursors. A methodology is proposed for discovering precursor rules from databases containing time series related to different regimes of a system. These precursor rules relate precursor events extracted from input time series with phenomenon events extracted from output time series. Using MIB datasets collected from real experiments involving Distributed Denial of Service Attacks, it is shown that precursor rules relating activities at attacking machines with traffic floods at target machines can be extracted by the methodology. The technology has extensive applications for security management: it enables security analysts to better understand the evolution of complex computer attacks, it can be used to trigger alarms indicating that an attack is imminent, or it can be used to reduce the false alarm rates of conventional IDSs.

DOI: 10.1023/A:1015910917349
Print publication date: 6/1/2002

An Architecture for Self-Tuning Cellular Systems

by Magnusson, Per; Oom, Jan

As cellular networks grow in size and complexity, the process of managing them becomes increasingly costly for mobile operators. It is therefore important to focus on simplifying or automating these tasks. This article describes an architecture for real-time performance monitoring and tuning of a cellular network, using event-based statistics. It also presents evaluation results in a field trial at the operator SmarTone in Hong Kong which show that the suggested agent/task pattern is well suited to implementing self-tuning algorithms.

DOI: 10.1023/A:1015958800511
Print publication date: 6/1/2002

Managing Highly Dynamic Services Using Extended Temporal Network Information Models

by State, R.; Festor, O.; Nataf, E.

The management of Highly Dynamic Services implies the necessity for fast reconfiguration and provisioning. One important feature for this management is its supporting information model able to capture both temporal and aggregate information. Such a model is proposed in this paper. More specifically, we address the management of Dynamic Virtual Private Networks (DVPNs) as a special case of highly dynamic services.

DOI: 10.1023/A:1015906816441
Print publication date: 6/1/2002

Yemanja—A Layered Fault Localization System for Multi-Domain Computing Utilities

by Appleby, K.; Goldszmidt, G.; Steinder, M.

Yemanja is a model-based event correlation engine for multi-layer fault diagnosis. It targets complex propagating fault scenarios, and can smoothly correlate low-level network events with high-level application performance alerts related to quality-of-service violations. Entity-models that represent devices or abstract components encapsulate their behavior. Distantly associated entity-models are not explicitly aware of each other, and communicate through internal event chains. Yemanja’s state-based engine supports generic scenario definitions, prioritization of alternate solutions, integrated problem and device testing, and simultaneous analysis of overlapping problems. The system of correlation rules was developed based on the analysis of device and layer functions, and the dependencies among physical and abstract system components. The primary objectives of this research include the development of reusable, configuration independent, correlation scenarios, adaptability and extensibility of the engine to match the constantly changing topology of a multi-domain server farm, and development of a concise specification language that is relatively simple yet powerful.

DOI: 10.1023/A:1015954732370
Print publication date: 6/1/2002

An Approach for Managing Service Dependencies with XML and the Resource Description Framework

by Ensel, Christian; Keller, Alexander

We describe a novel approach for applying XML, XPath, and Resource Description Framework (RDF) to the problem of describing, querying and computing the dependencies among services in a distributed computing system. This becomes increasingly important in today’s networked environments where applications and services rely on both local and outsourced sub-services. However, service dependencies are not made explicit in today’s systems, thus making the task of problem determination particularly difficult. A key contribution of the paper is a web-based architecture for retrieving and handling dependency information from various managed resources. Its core component is a dependency query facility allowing the application of queries and filters to dependency models; its output is a consolidated dependency graph that can then be used by fault management applications to perform additional problem determination tasks or event correlation. The definition of an XML-based notation for specifying dependencies facilitates information sharing between the components involved in the process.

DOI: 10.1023/A:1015902715532
Print publication date: 6/1/2002

Topics in Integrated Management: Selected Papers from IM’2001

by Pavlou, George; Anerousis, Nikos; Liotta, Antonio

DOI: 10.1023/A:1015950631462
Print publication date: 6/1/2002

Revisit the Strings versus Clouds Debate for the Internet Architecture. Part I: Control, Scalability, and QoS

by Tsai, Wei K.; Iyer, Mahadevan; Ros, Jordi

DOI: 10.1023/A:1015951514623
Print publication date: 6/1/2002