Multi-criteria analysis and prediction of network incidents using monitoring system

Abstract

Today, network technologies can handle throughputs of up to 100 Gbps, transporting 200 million packets per second on a single link. Such high bandwidths affect network flow analysis and, as a result, require significantly more powerful hardware. Methods used today concentrate mainly on analyses of data flows and patterns. It is nearly impossible to actively look for anomalies in network packets and flows, because a small change in monitoring patterns could result in a big increase in potentially false-positive incidents. This paper focuses on multi-criteria analyses of system-generated data in order to predict incidents. We prove that system-generated monitoring data are an appropriate source for analysis and enable much more focused and less computationally intensive monitoring operations. By using appropriate mathematical methods to analyze stored data, it is possible to obtain useful information. During our work, some interesting anomalies in networks were found by applying simple data correlations using the Zabbix monitoring system. We concluded that deeper analysis is possible thanks to the Zabbix monitoring system and its features, such as an open-source core, a documented API and an SQL backend for data. The result of this work is a new approach to the analysis, containing algorithms that make it possible to identify significant items in a monitoring system.

Keywords

Zabbix, Monda, ANN, SOM, MLP, Classification, Prediction.
