Enterprise intranets have gained popularity in recent times. The growth in size and complexity of these networks, in conjunction with their importance in maintaining business operations, have led to a greater requirement for network management. In addition, the type and severity of problems occurring in these networks have escalated, and the problems are much more difficult to detect. Much of this is attributed to unusual traffic patterns resulting from activity by network users. In the past, detection of network anomalies has relied upon correlation of alarms generated by network devices. More recently, statistical analysis of raw device level network measurements (e.g. variables from the management information bases maintained by network devices) has been explored. Whilst these approaches have proven valuable, they are most suitable for detecting problems, such as network device failures, that are local to the devices where measurements are collected. To complement these techniques a network-wide (or global) approach is required, whereby the dynamic behaviour of a network, in terms of topology and traffic flow, is measured and used for anomaly detection purposes. This method combines flow information taken throughout a network. Such an approach is capable of modelling the behaviour of traffic generated by network users, and hence can better define the cause of certain network anomalies. / This thesis develops a number of graph-based techniques that are capable of measuring the dynamic behaviour of a network and discusses their application in network management. By representing a computer network as a time series of uniquely labelled graphs, it is possible to measure the degree of change that has occurred between a pair of graphs, and hence the dynamics in a network. Concepts introduced include the median graph, intra- and inter- graph clustering, and hierarchical graph representations. The focus is on producing efficient algorithms and improved measures of network change. It is believed that these graph-based techniques for measuring network dynamics have great potential in network anomaly detection, and thus will improve reliability of enterprise intranets. / Thesis (PhDTelecommunications)--University of South Australia, 2006.
Identifer | oai:union.ndltd.org:ADTP/267346 |
Creators | Dickinson, Peter John. |
Source Sets | Australiasian Digital Theses Program |
Language | English |
Detected Language | English |
Rights | copyright under review |
Page generated in 0.002 seconds