Introduction

Anomaly detection in computer networks is becoming increasingly important. Several approaches exist for event detection problems. The majority of them have restricted themselves to single-route analysis. Our aim is to apply Principal Component Analysis (PCA) to the problem of anomalous event detection for a single route as well as for multiple routes. The scheme is to be applied to different data sets. Most notable are the ABwE measurements from SLAC (Stanford Linear Accelerator Center) to different parts of the world. Other data sets include data from other tools such as IPerf, Pathchirp and Ping. A data set from Fermilab is also to be analysed. The tasks performed during analysis include pre-processing of data (trimming, normalization and regularization), PCA analysis (application of PCA and event detection) and study of the results.

Process

Principal Component Analysis is used in many applications. Its basic function is dimensionality reduction. The following steps have been applied to use PCA.

...

This is a collaborative effort. Stanford Linear Accelerator Center (SLAC) and NUST Institute of IT (NIIT) are carrying out combined research work. This work is part of the maggie-ns (Maggie-NIIT-SLAC) project.

Dataset

The process has been applied to the following data sets.

...

b) SLAC-DESY, SLAC-DL, SLAC-FZK, SLAC-INFN, -CESNET

Terminology

Overlap: the overlapping time of two different events, i.e., whether or not they occurred at the same time.

Full Overlap: Events are overlapping with respect to time and this overlapping time is more than one hour.

Partial Overlap: Events are overlapping with respect to time but the time period is very small i.e. from 10 minutes to one hour.

No Overlap: Events are mutually exclusive.
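
The overlap categories defined above, applied to events detected on two routes, as an added example that is not part of the original page or the project's code. The event tuples, route names and sample timestamps are constructed, and reporting overlaps shorter than 10 minutes as "undefined" is an assumption, since the definitions above do not cover that case.

```python
from datetime import datetime, timedelta

# Thresholds taken from the Terminology definitions above.
FULL_MIN = timedelta(hours=1)        # full overlap: more than one hour
PARTIAL_MIN = timedelta(minutes=10)  # partial overlap: 10 minutes to one hour


def overlap_duration(a, b):
    """Length of time two (start, end) events share; zero if disjoint."""
    start = max(a[0], b[0])
    end = min(a[1], b[1])
    return max(end - start, timedelta(0))


def classify_overlap(a, b):
    """Map a pair of events to the page's overlap categories."""
    shared = overlap_duration(a, b)
    if shared > FULL_MIN:
        return "full"
    if shared >= PARTIAL_MIN:
        return "partial"
    if shared == timedelta(0):
        return "none"
    # Assumption: the page does not define overlaps shorter than 10 minutes.
    return "undefined"


def compare_routes(events_a, events_b):
    """For each event on route A, report its strongest overlap with route B."""
    rank = {"none": 0, "undefined": 1, "partial": 2, "full": 3}
    result = []
    for ev in events_a:
        labels = [classify_overlap(ev, other) for other in events_b]
        result.append(max(labels, key=rank.get, default="none"))
    return result


def at(hhmm):
    # Constructed sample timestamps, all on one arbitrary day.
    return datetime.strptime("2006-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample events (start, end) for two hypothetical routes.
ROUTE_1 = [(at("01:00"), at("03:30")), (at("08:00"), at("08:45")),
           (at("12:00"), at("12:20")), (at("20:00"), at("21:00"))]
ROUTE_2 = [(at("02:00"), at("04:00")), (at("08:15"), at("09:30")),
           (at("12:15"), at("13:00"))]

if __name__ == "__main__":
    print(compare_routes(ROUTE_1, ROUTE_2))
```

An overlap of exactly one hour is classified as partial, because full overlap is defined as more than one hour.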

Results are described separately for each route. A description of each route is given below.

A) ABING ANALYSIS RESULTS

Route# A1 (SLAC-DESY, SLAC-SWITCH, SLAC-CESNET, SLAC-FZK, SLAC-NIIT, SLAC-TRIUMF)

B) PING ANALYSIS RESULTS

Route# B1 (SLAC-DESY, SLAC-SWITCH, SLAC-CESNET, SLAC-FZK, SLAC-NIIT, SLAC-TRIUMF)

Route# B2 (SLAC-DESY, SLAC-SWITCH, SLAC-CESNET, SLAC-FZK, SLAC-NIIT, SLAC-TRIUMF)

Implementation details and usage