Collaborative Research: Modular Strategies for Global Internetwork Monitoring

This project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites. Characterizing baseline versus anomalous behavior of the Internet requires deploying collaborative data collection, anomaly detection and pattern recognition for complex large-scale systems. The project combines the forces of leading researchers in three complementary disciplines: (i) networking and data collection; (ii) statistical data analysis and signal processing; (iii) decentralized decision-making. The research goes well beyond state-of-the-art anomaly detection for centrally administered networks. In particular, tools and practical data sharing algorithms are being developed for detecting coordinated intrusions, distributed denial of service attacks, and quality-of-service degradations in decentralized networks such as the Internet. The project also includes activities with broader impact, including creation of a public network anomaly database, K-12 educational outreach, and university-industry collaborations.

The research approach is based on a modular and distributed monitoring paradigm that is organized into a three-level hierarchy: local-level measurement of data from servers, routers and switches; intermediate-level data analysis and processing of end-to-end traffic measurements, summary statistics and alarms transmitted from the local level; and upper-level decision-making and processing of information transmitted from the intermediate level. This modular structure is scalable to large networks of monitoring sites. However, it also imposes constraints on data analysis, which requires the development of new approaches. Three approaches are being pursued: distributed spatio-temporal data analysis using wavelets over graphs; event detection and classification using distributed pattern analysis and learning; and multi-site event correlation using discrete event dynamical systems and decentralized stochastic systems.

Principal Investigator: Eric Kolaczyk
Co-Principal Investigator: Mark Crovella
Sponsor: National Science Foundation