Project Overview

Quick Links to Principal Investigators and Projects Based at:
                           


Project Description

This project addresses the longstanding and difficult problem of detecting and classifying spatially distributed network anomalies from multiple monitoring sites. Characterizing baseline versus anomalous behavior of the Internet requires deploying collaborative data collection, anomaly detection and pattern recognition for complex large-scale systems.
The project combines the forces of leading researchers in three complementary disciplines: (i) networking and data collection; (ii) statistical data analysis and signal processing; (iii) decentralized decision-making. The research goes well beyond the state of the art in anomaly detection for centrally administered networks. In particular, tools and practical data-sharing algorithms are being developed for detecting coordinated intrusions, distributed denial-of-service attacks, and quality-of-service degradations in decentralized networks such as the Internet. The project also includes activities with broader impact, including creation of a public network anomaly database, K-12 educational outreach, and university-industry collaborations.

Research Approach

The research approach is based on a modular and distributed monitoring paradigm organized into a three-level hierarchy: local-level measurement of data from servers, routers and switches; intermediate-level data analysis and processing of end-to-end traffic measurements, summary statistics and alarms transmitted from the local level; and upper-level decision-making and processing of information transmitted from the intermediate level. (Please see the figure below.) This modular structure is scalable to large networks of monitoring sites. However, it also imposes constraints on data analysis that require the development of new approaches. Three approaches are being pursued: distributed spatio-temporal data analysis using wavelets over graphs; event detection and classification using distributed pattern analysis and learning; and multi-site event correlation using discrete event dynamical systems and decentralized stochastic systems.
Figure: Hierarchy Anomaly Detection Framework

University of Michigan

Prof. Alfred Hero: homepage

Prof. Stéphane Lafortune: homepage

Prof. George Michailidis: homepage

Prof. Demosthenis Teneketzis


Projects at the University of Michigan




University of Wisconsin

Prof. Rob Nowak: homepage

Prof. Paul Barford: homepage



Projects at the University of Wisconsin




Boston University

Prof. Eric Kolaczyk: homepage

Prof. Mark Crovella: homepage



Projects at Boston University




Projects Based at the University of Michigan

Featuring recent work by members of Prof. Hero's group

Co-PI Involved: Alfred Hero
Student: Meng-Fu Shih

Co-PI Involved: George Michailidis
Collaborator: Vijay N. Nair
Students: Bowei Xi and Earl Lawrence

Co-PI Involved: Alfred Hero
Student: Doron Blatt

Co-PI Involved: Alfred Hero
Student: Derek Justice

Co-PI Involved: Alfred Hero
Student: Neal Patwari

Co-PI Involved: Alfred Hero
Student: Jose Costa

Co-PI Involved: Stéphane Lafortune
Students: Olivier Contant, Sahika Genc, Patricia Pena, Kurt Rohloff

Co-PI Involved: Stéphane Lafortune
Student: Yin Wang

Co-PI Involved: Stéphane Lafortune and Demosthenis Teneketzis
Students: Olivier Contant, Patrick Macnamara

Co-PI Involved: Demosthenis Teneketzis
Student: David Thorsley


Projects Based at the University of Wisconsin

Co-PI Involved: Robert D. Nowak
Student: Rui M. Castro

Co-PI Involved: Robert D. Nowak
Student: Michael Rabbat

Co-PI Involved: Paul Barford
Students: Vinod Yegneswaran, Joel Sommers, Shilpi Agarwal


Projects Based at Boston University

Co-PIs Involved: Eric Kolaczyk and Mark Crovella
Student: David Chua Shih

Co-PIs Involved: Eric Kolaczyk and Mark Crovella
Student: Anukool Lakhina