Date Added: Sep 2009
Identifying and diagnosing network traffic anomalies, and rectifying their effects are standard, daily activities of network operators. While there is a large and growing literature on techniques for detecting network anomalies, there has been little or no treatment of what to do after a candidate anomaly has been identified. In this paper, the authors present a first step toward formalizing and automating the time-consuming and challenging tasks associated with network anomaly confirmation, diagnosis and remedy. The work assumes that potential anomalies are identified either through visual analysis of key traffic measurements or from a Network Anomaly Detection System (NADS). They describe a flexible framework for network anomaly confirmation, diagnosis and remedy that is based on workflow concepts.