Fault detection and prediction for management of computer networks

US 20040168100A1
Filed: 01/14/2004
Published: 08/26/2004
Est. Priority Date: 12/04/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for predictive fault detection in network traffic, comprising the steps of:

choosing a set of Management Information Base (MIB) variables related to said fault detection;

sensing a change point observed in each said MIB variable in said network traffic;

generating a variable level alarm corresponding to said change point; and

combining said variable level alarm to produce a node level alarm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved system and method for network fault and anomaly detection is provided based on the statistical behavior of the management information base (MIB) variables. The statistical and temporal information at the variable level is obtained from the sensors associated with the MIB variables. Each sensor performs sequential hypothesis testing based on the Generalized Likelihood Ratio (GLR) test. The ouputs of the individual sensors are combined using a fusion center, which incorporates the interdependencies of the MIB variables. The fusion center provides temporally correlated alarms that are indicative of network problems. The detection scheme relies on traffic measurement and is independent of specific fault descriptions.

Citations

70 Claims

1. A method for predictive fault detection in network traffic, comprising the steps of:
- choosing a set of Management Information Base (MIB) variables related to said fault detection;
  
  sensing a change point observed in each said MIB variable in said network traffic;
  
  generating a variable level alarm corresponding to said change point; and
  
  combining said variable level alarm to produce a node level alarm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein said MIB variables are interfaces (if) and Internal Protocols (ip).
  - 3. The method of claim 2 wherein said interfaces (if) further comprise variables ifIO (In Octets) and ifOO.
  - 4. The method of claim 2 wherein said Internal Protocol (ip) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 5. The method of claim 1 wherein said generating step further comprise the step of linearly modeling said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 6. The method of claim 5 further comprising the step of performing a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 7. The method of claim 1 wherein said combining step further comprise the step of correlating spatial and temporal information from said MIB variables.
  - 8. The method of claim 7 wherein said step of correlating is performed utilizing a linear operator.
  - 9. The method of claim 1 wherein said fault detection is applied as the definition of Quality of Service (QoS).
  - 10. The method of claim 1 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 11. The method of claim 1 wherein said network is a local area network.
  - 12. The method of claim 1 wherein said network is a local area network.
  - 13. The method of claim 1 wherein said fault comprise predictable and non-predictable faults.

14. A method for predictive fault detection in a network, comprising the steps of:
- generating variable level alarms corresponding to abrupt changes observed in each selected MIB variable; and
  
  correlating spatial and temporal information from said MIB variables utilizing a linear operator to produce a node level alarm.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 15. The method of claim 14 wherein said MIB variables are interfaces (if and Internal Protocols (ip).
  - 16. The method of claim 15 wherein said interfaces (if) further comprise variables ifIO (In Octets) and ifOO.
  - 17. The method of claim 15 wherein said Internal Protocol (i) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 18. The method of claim 14 wherein said step of generating further comprise the step of linearly modeling said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 19. The method of claim 18 further comprising the step of performing a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 20. The method of claim 14 wherein said fault detection is applied in the definition of Quality of Service (QoS).
  - 21. The method of claim 14 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 22. The method of claim 14 wherein said network is a local area network.
  - 23. The method of claim 14 wherein said network is a local area network.
  - 24. The method of claim 14 wherein said fault comprise predictable and non-predictable faults.

25. A method for predictive fault detection in a network, comprising the steps of:
- sensing network traffic and generating variable level alarms corresponding to changes in said traffic; and
  
  correlating spatial and temporal information from MIB variables related to said fault detection utilizing a linear operator to produce a node level alarm.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 26. The method of claim 25 wherein said MIB variables are interfaces (if) and Internal Protocols (ip).
  - 27. The method of claim 26 wherein said interfaces (if) further comprise variables ipIO (In Octets) and ifOO.
  - 28. The method of claim 26 wherein said Internal Protocol (ip) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 29. The method of claim 25 wherein said step of generating further comprise the step of linearly modeling said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 30. The method of claim 29 further comprising the step of performing a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 31. The method of claim 25 wherein said fault detection is applied in the definition of Quality of Service (QoS).
  - 32. The method of claim 25 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 33. The method of claim 25 wherein said network is a local area network.
  - 34. The method of claim 25 wherein said network is a local area network.
  - 35. The method of claim 25 wherein said fault comprise predictable and non-predictable faults.

36. A system for detecting fault in a network traffic, comprising:
- a data processing unit for choosing a set of Management Information Base (MIB) variables related to said fault detection;
  
  a sensor for sensing a change point observed in each said MIB variable in said network traffic and generating a variable level alarm corresponding to said change point; and
  
  a fusion center for combining said variable level alarm to produce a node level alarm.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 37. The system of claim 36 wherein said MIB variables are interfaces (if) and Internal Protocols (ip).
  - 38. The system of claim 37 wherein said interfaces (if) further comprise variables ifIO (In Octets) and ifOO.
  - 39. The system of claim 37 wherein said Internal Protocol (ip) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 40. The system of claim 36 wherein said sensor linearly models said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 41. The system of claim 40 wherein said sensor performs a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 42. The system of claim 36 wherein said fusion center correlates spatial and temporal information from said MIB variables.
  - 43. The system of claim 42 wherein said correlating is performed utilizing a linear operator.
  - 44. The system of claim 36 wherein said fault detection is applied in the definition of Quality of Service (QoS).
  - 45. The system of claim 36 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 46. The system of claim 36 wherein said network is a local area network.
  - 47. The system of claim 36 wherein said network is a local area network.
  - 48. The system of claim 36 wherein said fault comprise predictable and non-predictable faults.

49. A system for predictive fault detection in a network comprising:
- at least one sensor for generating variable level alarms corresponding to a change observed in a selected MIB variable; and
  
  a fusion center for correlating spatial and temporal information from said MIB variables utilizing a linear operator to produce a node level alarm.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 50. The system of claim 49 wherein said MIB variables are interfaces (if) and Internal Protocols (ip).
  - 51. The system of claim 50 wherein said interfaces (if) further comprise variables ifIO (In Octets) and ifOO.
  - 52. The system of claim 50 wherein said Internal Protocol (i) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 53. The system of claim 49 wherein said sensor linearly models said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 54. The system of claim 53 wherein said sensor performs a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 55. The system of claim 49 wherein said fault detection is applied in the definition of Quality of Service (QoS).
  - 56. The system of claim 49 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 57. The system of claim 49 wherein said network is a local area network.
  - 58. The system of claim 49 wherein said network is a local area network.
  - 59. The system of claim 49 wherein said fault comprise predictable and non-predictable faults.

60. A system for monitoring network traffic for predictive fault detection, comprising:
- at least one sensor for generating a variable level alarm corresponding to a change in said traffic; and
  
  a fusion center for correlating spatial and temporal information from MIB variables related to said fault detection utilizing a linear operator to produce a node level alarm.
- View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 61. The system of claim 60 wherein said MIB variables are interfaces (if) and Internal Protocols (ip).
  - 62. The system of claim 61 wherein said interfaces (if) further comprise variables ifIO (In Octets) and ifOO.
  - 63. The system of claim 61 wherein said Internal Protocol (ip) further comprise variables ipIR (In Receives), ipIDE (In Delivers) and ipOR (Out Requests).
  - 64. The system of claim 60 wherein said sensor linearly models said MIB variables using a first order auto-regressive (AR) process to generate said variable level alarm.
  - 65. The system of claim 64 wherein said sensor performs a sequential hypothesis test utilizing a Generalized Likelihood Ratio (GLR) on said linear model to generate said variable alarm.
  - 66. The system of claim 60 wherein said fault detection is applied in the definition of Quality of Service (QoS).
  - 67. The system of claim 60 wherein said MIB variables are maintained by an Simple Network Management Protocol (SNMP).
  - 68. The system of claim 60 wherein said network is a local area network.
  - 69. The system of claim 60 wherein said network is a local area network.
  - 70. The system of claim 60 wherein said fault comprise predictable and non-predictable faults.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rensselaer Polytechnic Institute
Original Assignee
Rensselaer Polytechnic Institute
Inventors
Thottan, Marina K., Ji, Chuanyi

Application Number

US10/433,459
Publication Number

US 20040168100A1
Time in Patent Office

Days
Field of Search
US Class Current

714/4
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/046   comprising network manageme...

H04L 41/064   involving time analysis

H04L 41/065   involving logical or physic...

H04L 41/147   for predicting network beha...

H04L 69/40   for recovering from a failu...

Fault detection and prediction for management of computer networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Fault detection and prediction for management of computer networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links