
Collaborative ITR/CSE: Modular Strategies for Internetwork Monitoring

$1,925,530 | FY2003 | CSE | NSF

Regents Of The University Of Michigan - Ann Arbor, Ann Arbor MI

Investigators

Abstract

ABSTRACT 0325571 Alfred Hero U of Michigan Ann Arbor

This project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites. To characterize baseline vs. anomalous behavior of the Internet requires deployment of collaborative data collection, anomaly detection and pattern recognition for complex large-scale systems. The project combines the forces of leading researchers in three complementary disciplines: (i) networking and data collection; (ii) statistical data analysis and signal processing; (iii) decentralized decision-making. The research goes well beyond state-of-the-art anomaly detection for centrally administered networks. In particular, tools and practical data sharing algorithms are being developed for detecting coordinated intrusions, distributed denial of service attacks, and quality-of-service degradations in decentralized networks such as the Internet. The project also includes activities with broader impact including: creation of a public network anomaly database, K-12 educational outreach, and university-industry collaborations.

The research approach is based on a modular and distributed monitoring paradigm that is organized into a three-level hierarchy: local-level measurement of data from servers, routers and switches; intermediate-level data analysis and processing of end-to-end traffic measurements, summary statistics and alarms transmitted from the local level; and upper-level decision-making and processing of information transmitted from the intermediate level. This modular structure is scalable to large networks of monitoring sites. However, this structure also imposes constraints on data analysis, which requires development of new approaches.

Three approaches are being pursued: distributed spatio-temporal data analysis using wavelets over graphs; event detection and classification using distributed pattern analysis and learning; and multi-site event correlation using discrete event dynamical systems and decentralized stochastic systems.
