Combining Routing and Traffic Data for Detection of IP Forwarding Anomalies
Source: AT&T Labs
For rapid problem-diagnosis in data-transmission over the internet, the use of an innovative technology that detects forwarding anomalies uses a combined feature system with routing. One of the important features about solving the anomalies pertains to the robustness of the mechanism that detects the problems. The system is of a combining nature under which two elements are integrated. The integration is done between routing and traffic data stream in order to detect and report forwarding anomalies and to communicate the evaluation of the method in a tier-1 ISP backbone. The reporting of a forwarding anomaly is useful in reducing the false alarm rate. This is a greater apprehension in case of using data streams unilaterally. Informative alarm indicators are produced by transforming the data streams separately. The forwarding anomaly is put on at the indicators, and it will show only if the two strands of data stream indicate anomalous behavior at the same time. The use of concurrent data strands for detecting IP forwarding anomalies have been understood to have a higher efficiency than a system which uses each of them separately as the chance of a false alarm is considered inevitable any time in the future. A pair of similarly connected strands can only increase the accuracy of such an error report.