MONITORING AND DIAGNOSTICS OF ANOMALOUS STATES IN A COMPUTER NETWORK BASED ON THE STUDY OF «HISTORICAL DATA»
Oleg I. Sheluhin, MTUCI, Moscow, Russia, email@example.com
Andrey V. Osin, MTUCI, Moscow, Russia, firstname.lastname@example.org
Denis V. Kostin, MTUCI, Moscow, Russia, email@example.com
This paper proposed to characterize the «health of a computer network» by a set of system metrics that characterize the Service Level Objectives and Service Level Agreement of the computer network. The necessary parameters (attributes, signatures) that determine the state of a computer network can be extracted from historical data and used to automatically cluster and search for similar problems in the past based on similarities. The database of historical events allows to find and compare the current behavior of the system with similar previously encountered problems that were observed in the past. To solve this problem, it is necessary to study various abnormal symptoms from historical data at the training stage. To predict «future» symptoms, it is necessary to model statistical changes in patterns of different attribute values. The functional diagram of health diagnosis and risk prediction has been proposed. The paper studies the characteristics for determining the health of a computer network. Combining the classification of anomaly symptoms and prediction, the diagnostic system must predict network anomalies based on the classification of anomaly symptoms for future data.
An algorithmic and software solution can be used to monitor the quality of computer systems, for early detection (based on prediction algorithms) and to identify various problems that reduce the quality of a computer network.
Keywords: anomaly states, computer network, forecasting, machine learning, data mining, monitoring system metrics, clustering, sequential analysis; pattern.
1. M. Shatnawi and M. Hefeeda. (2015). Real-time failure prediction in online services. IEEE Conference on Computer Communications (INFOCOM), pp. 1391-1399.
2. ITU-T Recommendation M.3342. (2006). Guidelines for Defining SLA Presentation Templates.
3. Sheluhin O.I., Ryabinin V.S., Farmakovsky M.A. (2018). Detection of abnormal conditions of computer systems by means of data mining system logs. Cybersecurity Issues. No. 2 (26). DOI: 10.21681 / 2311-3456-2018-2-33-43
4. F. Salfner, M. Lenk, and M. Malek. (2010). A survey of online failure prediction methods. ACM Computing Surveys (CSUR), vol. 42, no. 3, pp. 10.
5. F. Salfner, M. Schieschke, and M. Malek. (2006). Predicting failures of computer systems: A case study for a telecommunication system. Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.
6. V. Balaji and V. Duraisami. (2010). Cluster based packet loss prediction using tcp ack packets in wireless network. (IJCSE) International Journal on Computer Science and Engineering. Vol. 02, No. 07, pp. 2313-2315.
7. Ira Cohen, Steve Zhang, Moises Goldszmidt, Julie Symons, Terence Kelly. (2005). Capturing, Indexing, Clustering, and Retrieving System History. SOSP’05, Brighton, United Kingdom. Copyright 2005 ACM 1595930795/05/0010.
8. S. Zhang, I. Cohen, M. Goldszmidt, J. Symons, and A. Fox. (2005). Ensembles of models for automated diagnosis of system performance problems; DSN.
9. Z. Yang, M. Kitsuregawa. (2005). LPI-SPAM: An Improved Algorithm for Mining Sequential Pattern. Proc. of Int’l Special Workshop on Databases for Next Generation Researchers in conjunction with ICDE’05, pp. 8-11.
10. M.J. Zaki. (2001). SPADE: An Efficient Algorithm for Mining Frequent Sequences. Machine Learning Journal, Vol. 42(1/2), pp. 31-60.
11. Mohammed J. Zaki. (2001). SPADE: An Efficient Algorithm for Mining Frequent Sequences. Machine Learning, no. 42, pp. 31-60.
12. Jian Pei, Jiawei Han, Behzad Mortazavi-Asl, Jianyong Wang, Helen Pinto, Qiming Chen, Umeshwar Dayal and Mei-Chun Hsu. (2004). Mining Sequential Patterns by Pattern-Growth: The PrefixSpan Approach. IEEE Transactions On knowledge and data engineering, vol. 16, no. 10.
13. R.Agrawal and R.Srikant. (1995). Mining sequential patterns. Proceedings of the Eleventh International Conference on Data Engineering.
14. Jen-Wei Huang, Chi-Yao Tseng, Jian-Chih Ou, and Ming-Syan Chen. (2008). A General Model for Sequential Pattern Mining with a Progressive Database Publication. IEEE Transactions On Knowledge And Data Engineering, Vol. 20, No. 9.
15. S. Abbasghorbani and R. Tavoli. (2015). «Survey on sequential pattern mining algorithms». 2015 2nd International Conference on Knowledge-Based Engineering and Innovation (KBEI), Tehran, pp. 1153-1164. doi: 10.1109/KBEI.2015.7436211
16. Philippe Fournier-Viger, Jerry Chun-Wei Lin, Rage-Uday Kiran, Yun-Sing Koh, and Rincy Thomas. (2017). A survey of sequential pattern mining. Data Science and Pattern Recognition 1, 1, pp. 54-77.
17. Wensheng Gan, Jerry Chun-Wei Lin, Philippe Fournier-Viger, Han-Chieh Chao, and Philip S. Yu. (2018). A Survey of Parallel Sequential Pattern Mining. ACM Trans. Knowl. Discov. Data. 0, 1, Article 00 (August 2018), 33 pages. https://doi.org/0000001
18. Xiaohui Gu. (2009). Online Anomaly Prediction for Robust Cluster Systems. IEEE 25th International Conference on Data Engineering. March 2009, pp. 1000-1011. DOI: 10.1109/ICDE.2009.128.
19. Sheluhin O.I., Ryabinin V.S. (2019). Detection of large data anomalies in unstructured syslogs. Cybersecurity issues. No. 2 (30), pp. 36-41. DOI 10.21681 / 2311-3456-2019-2-36-41
Information about authors:
Oleg I. Sheluhin, doctor of technical sciences, professor, head of the Department of Information Security, MTUCI, Moscow, Russia
Andey V. Osin, PhD, MTUCI, Moscow, Russia
Denis V. Kostin, graduate student, MTUCI, department of information security, Moscow, Russia