Discovering anomalous behavior in large networked systems

P. Mullarkey, Mike Johns, S. Rooney
DOI: 10.1109/INM.2011.5990498. Published in: 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, 2011-05-23.
Citations: 0

Abstract

Tools for monitoring the performance and behavior of modern large networks produce an abundance of data, resulting in considerable interest in the ability to bring the most critical facets to the attention of human operators. While the coverage and sophistication of data being collected is expanding greatly to be comprehensive and detailed enough to solve hard problems, methods for analyzing this data tend to be either 1) too simplistic, resulting in too much information for users to process, many of which are false positives, or 2) too computationally intensive to keep up with the volume of data generated by large networks. We introduce a system that seeks a middle ground between these extremes using probability-based thresholding and temporal correlation of targeted, domain-specific network behavior metrics, resulting in fewer, higher-quality, more actionable events presented to users. In this paper we outline the problem area, present some of the mechanisms used, and then share two real examples of using anomaly detection to help large enterprises solve network problems.