Detecção de anomalias em redes baseada em medições de QoS e rótulos de QoE com ruído
Abstract
Network anomaly detection is essential for maintaining a good quality of service (QoS) and a good quality of experience (QoE). However, it is often hard to obtain labels to train supervised models. We propose a method to detect anomalies based on a statistical model that takes into account QoS measurements and noisy QoE labels to infer the quality of residential access networks. We estimate the model parameters using the Expectation-Maximization (EM) algorithm and we correlate the results spatially to locate network regions with performance issues. We show that our model is effective using a real dataset that contains measures collected from 6369 home-routers during 18 months.
References
Bishop, C. M. (2006). Pattern Recognition and Machine Learning (Information Science and Statistics). Springer-Verlag, Berlin, Heidelberg.
Chandola, V., Banerjee, A., and Kumar, V. (2009). Anomaly detection: A survey. ACM computing surveys (CSUR), 41(3):1–58.
de Souza e Silva, E., Leão, R. M. M., and Muntz., R. R. (2011). Performance evaluation with hidden markov models. In Performance Evaluation of Computer and Communication Systems. Milestones and Future Challenges, pages 112–128.
Dempster, A. P., Laird, N. M., and Rubin, D. B. (1977). Maximum likelihood from incomplete data via the em algorithm. Journal of the Royal Statistical Society: Series B (Methodological), 39(1):1–22.
Herodotou, H., Ding, B., Balakrishnan, S., Outhred, G., and Fitter, P. (2014). Scalable near real-time failure localization of data center networks. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 1689–1698.
Hu, J., Zhou, Z., Yang, X., Malone, J., and Williams, J. W. (2020). Cablemon: Improving the reliability of cable broadband networks via proactive network maintenance. In 17th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 20), pages 619–632.
Jin, Y., Duffield, N., Gerber, A., Haffner, P., Sen, S., and Zhang, Z.-L. (2010). Nevermind, the problem is already fixed: proactively detecting and troubleshooting customer dsl problems. In Proceedings of the 6th International COnference, pages 1–12.
Lakhina, A., Crovella, M., and Diot, C. (2004). Diagnosing network-wide traffic anomalies. ACM SIGCOMM computer communication review, 34(4):219–230.
Lakhina, A., Crovella, M., and Diot, C. (2005). Mining anomalies using traffic feature distributions. ACM SIGCOMM computer communication review, 35(4):217–228.
Montgomery, D. C. and Runger, G. C. (2010). Applied statistics and probability for engineers. John Wiley & Sons.
Natarajan, N., Dhillon, I. S., Ravikumar, P., and Tewari, A. (2013). Learning with noisy labels. In NIPS, volume 26, pages 1196–1204.
Parhami, B. (1994). Voting algorithms. IEEE transactions on reliability, 43(4):617–629.
Peng, Y., Yang, J., Wu, C., Guo, C., Hu, C., and Li, Z. (2017). detector: a topology-aware monitoring system for data center networks. In 2017 {USENIX} Annual Technical Conference ({USENIX}{ATC} 17), pages 55–68.
Rabiner, L. R. (1989). A tutorial on hidden markov models and selected applications in speech recognition. Proceedings of the IEEE, 77(2):257–286.
Santos, G. H., Mendonça, G., de Souza e Silva, E., Leão, R. M. M., Menasche, D. S., et al. (2019). Análise não supervisionada para inferência de qualidade de experiência de usuários residenciais. In Anais do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 958–971. SBC.
Silveira, F. and Diot, C. (2010). Urca: Pulling out anomalies by their root causes. In 2010 Proceedings IEEE INFOCOM, pages 1–9. IEEE.
Song, H. H., Ge, Z., Mahimkar, A., Wang, J., Yates, J., Zhang, Y., Basso, A., and Chen, M. (2011). Q-score: Proactive service quality assessment in a large iptv system. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pages 195–208.
Streit, A., Santos, G. H., Leão, R. M., de Souza e Silva, E., Menasché, D., and Towsley, D. (2021). Network anomaly detection based on tensor decomposition. Computer Networks, 200:108503.
Sundaresan, S., de Donato, W., N.Feamster, Teixeira, R., Crawford, S., and Pescapè, A. (2011). Broadband internet performance: A view from the gateway. In ACM SIGCOMM 2011.
Tan, C., Jin, Z., Guo, C., Zhang, T., Wu, H., Deng, K., Bi, D., and Xiang, D. (2019). Netbouncer: Active device and link failure localization in data center networks. In 16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19), pages 599–614.
Wenwei, L., Dafang, Z., Jinmin, Y., and Gaogang, X. (2007). On evaluating the differences of tcp and icmp in network measurement. Computer Communications, 30(2):428–439.
Xie, K., Li, X.,Wang, X., Xie, G.,Wen, J., and Zhang, D. (2018). Graph based tensor recovery for accurate internet anomaly detection. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications, pages 1502–1510. IEEE.
Chandola, V., Banerjee, A., and Kumar, V. (2009). Anomaly detection: A survey. ACM computing surveys (CSUR), 41(3):1–58.
de Souza e Silva, E., Leão, R. M. M., and Muntz., R. R. (2011). Performance evaluation with hidden markov models. In Performance Evaluation of Computer and Communication Systems. Milestones and Future Challenges, pages 112–128.
Dempster, A. P., Laird, N. M., and Rubin, D. B. (1977). Maximum likelihood from incomplete data via the em algorithm. Journal of the Royal Statistical Society: Series B (Methodological), 39(1):1–22.
Herodotou, H., Ding, B., Balakrishnan, S., Outhred, G., and Fitter, P. (2014). Scalable near real-time failure localization of data center networks. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 1689–1698.
Hu, J., Zhou, Z., Yang, X., Malone, J., and Williams, J. W. (2020). Cablemon: Improving the reliability of cable broadband networks via proactive network maintenance. In 17th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 20), pages 619–632.
Jin, Y., Duffield, N., Gerber, A., Haffner, P., Sen, S., and Zhang, Z.-L. (2010). Nevermind, the problem is already fixed: proactively detecting and troubleshooting customer dsl problems. In Proceedings of the 6th International COnference, pages 1–12.
Lakhina, A., Crovella, M., and Diot, C. (2004). Diagnosing network-wide traffic anomalies. ACM SIGCOMM computer communication review, 34(4):219–230.
Lakhina, A., Crovella, M., and Diot, C. (2005). Mining anomalies using traffic feature distributions. ACM SIGCOMM computer communication review, 35(4):217–228.
Montgomery, D. C. and Runger, G. C. (2010). Applied statistics and probability for engineers. John Wiley & Sons.
Natarajan, N., Dhillon, I. S., Ravikumar, P., and Tewari, A. (2013). Learning with noisy labels. In NIPS, volume 26, pages 1196–1204.
Parhami, B. (1994). Voting algorithms. IEEE transactions on reliability, 43(4):617–629.
Peng, Y., Yang, J., Wu, C., Guo, C., Hu, C., and Li, Z. (2017). detector: a topology-aware monitoring system for data center networks. In 2017 {USENIX} Annual Technical Conference ({USENIX}{ATC} 17), pages 55–68.
Rabiner, L. R. (1989). A tutorial on hidden markov models and selected applications in speech recognition. Proceedings of the IEEE, 77(2):257–286.
Santos, G. H., Mendonça, G., de Souza e Silva, E., Leão, R. M. M., Menasche, D. S., et al. (2019). Análise não supervisionada para inferência de qualidade de experiência de usuários residenciais. In Anais do XXXVII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 958–971. SBC.
Silveira, F. and Diot, C. (2010). Urca: Pulling out anomalies by their root causes. In 2010 Proceedings IEEE INFOCOM, pages 1–9. IEEE.
Song, H. H., Ge, Z., Mahimkar, A., Wang, J., Yates, J., Zhang, Y., Basso, A., and Chen, M. (2011). Q-score: Proactive service quality assessment in a large iptv system. In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pages 195–208.
Streit, A., Santos, G. H., Leão, R. M., de Souza e Silva, E., Menasché, D., and Towsley, D. (2021). Network anomaly detection based on tensor decomposition. Computer Networks, 200:108503.
Sundaresan, S., de Donato, W., N.Feamster, Teixeira, R., Crawford, S., and Pescapè, A. (2011). Broadband internet performance: A view from the gateway. In ACM SIGCOMM 2011.
Tan, C., Jin, Z., Guo, C., Zhang, T., Wu, H., Deng, K., Bi, D., and Xiang, D. (2019). Netbouncer: Active device and link failure localization in data center networks. In 16th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 19), pages 599–614.
Wenwei, L., Dafang, Z., Jinmin, Y., and Gaogang, X. (2007). On evaluating the differences of tcp and icmp in network measurement. Computer Communications, 30(2):428–439.
Xie, K., Li, X.,Wang, X., Xie, G.,Wen, J., and Zhang, D. (2018). Graph based tensor recovery for accurate internet anomaly detection. In IEEE INFOCOM 2018-IEEE Conference on Computer Communications, pages 1502–1510. IEEE.
Published
2022-05-23
How to Cite
SANTOS, Gustavo H. A.; MENDONÇA, Gabriel; LEÃO, Rosa M. M.; SOUZA E SILVA, Edmundo de.
Detecção de anomalias em redes baseada em medições de QoS e rótulos de QoE com ruído. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 40. , 2022, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 98-111.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2022.221969.
