{"title":"Anomaly Detection Using DSNS and a Dependency Graph for SNMP Objects","authors":"B. Zarpelão, L. Mendes, M. L. Proença","doi":"10.1109/AICT.2008.22","DOIUrl":null,"url":null,"abstract":"This paper addresses the problem of detecting anomalies in computer networks. Anomalies are significant changes in traffic levels, which can cause grave consequences to the execution of services offered by the network. The main characteristics of the anomaly detection system proposed in this work are: (i) application of the DSNS (digital signature of network segment), in order to detect the traffic behavior deviations, (ii) application of a dependency graph that represents the relations between the SNMP objects, in order to correlate the alarms generated for different objects. The results obtained from initial tests performed in a real environment were encouraging. They showed that our system is able to detect anomalies on the monitored network elements, avoiding the high false alarms rate.","PeriodicalId":105735,"journal":{"name":"2008 Fourth Advanced International Conference on Telecommunications","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Fourth Advanced International Conference on Telecommunications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AICT.2008.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
This paper addresses the problem of detecting anomalies in computer networks. Anomalies are significant changes in traffic levels, which can have grave consequences for the execution of services offered by the network. The main characteristics of the anomaly detection system proposed in this work are: (i) application of the DSNS (digital signature of network segment) to detect deviations in traffic behavior, and (ii) application of a dependency graph that represents the relations between the SNMP objects, in order to correlate the alarms generated for different objects. The results obtained from initial tests performed in a real environment were encouraging. They showed that our system is able to detect anomalies on the monitored network elements while avoiding a high false alarm rate.