Towards the Automatic and Schedule-Aware Alerting of Internetwork Time Series
2021; Institute of Electrical and Electronics Engineers; Volume: 9; Language: English
10.1109/access.2021.3073598
ISSN: 2169-3536
Authors: Daniel Perdices, José Luis García‐Dorado, Javier Ramos, Rodrigo De Pool, Javier Aracil
Topic(s): Network Security and Intrusion Detection
Abstract: A common factor of every network monitoring system is an alerting module for time series. This module aims at triggering a warning when any type of abnormal behavior is detected in the patterns of a time series. Such a search for anomalies can be carried out by network managers as a supervised task such that the thresholds for considering a measurement as an anomaly are set following a manual process. Alternatively, we focus on how to translate such a task to an unsupervised one, thus alleviating network managers' dedication. To this end, we have developed, based on the experience of monitoring dozens of networks, a player of real anomalies. Thus, by recreating real issues, the alerting systems' parametrization can be carried out without supervision. Additionally, as a novelty, we propose to consider the network managers' workforce as a significant parameter to configure the thresholds of the alerting module—essentially, avoiding triggering alarms that will hardly receive attention. Then, we propose to measure and rank alarms by relevance, and relate them to the time to be solved for constructing, eventually, automatic schedules for the members of the staff—according to their time availability. Finally, all these proposals have been put into practice in various deployments of monitoring systems on networks in operation, which gives us evidence of its usefulness and low demand for resources.