Title
RCATool - A Framework for Detecting and Diagnosing Anomalies in Cellular Networks
Abstract
The DNS protocol has proved to be a valuable means for identifying and dissecting large-scale anomalies in omnipresent Over The Top (OTT) Internet services. In this paper, we present and evaluate a framework for detecting and diagnosing traffic anomalies via DNS traffic analysis. Detection of such anomalies is achieved by monitoring different DNS-related symptomatic features, flagging a warning as soon as one or more of them show a significant change. The investigation of the root causes for such deviations is done by looking at significant changes in a number of diagnostic features (i.e., device manufacturer and OS, requested host name, error codes, etc.), which convey information directly linked to the potential origins of the detected anomalies. For the purpose of detecting significant changes in the time-series of diagnostic features, we propose two different schemes: the first is based on change point detection applied to the entropy of the considered features, the second considers the full statistical distribution of the traffic features. The proposed solutions are tested and compared using both real and synthetic data from a nationwide mobile ISP, the latter generated from real traffic statistics to resemble the real mobile network traffic. To show the operational value of the proposed framework, we report the results of the diagnosis in two prototypical cases.
Year: 2015
DOI: 10.1109/ITC.2015.30
Venue: International Test Conference
Keywords: Anomaly Detection, Root Cause Analysis, Network Measurements, Statistical Analysis
Field: Traffic analysis, Change detection, Flagging, Computer science, Domain Name System, Computer network, Real-time computing, Synthetic data, Cellular network, The Internet
DocType: Conference
Citations: 4
PageRank: 0.41
References: 10
Authors: 4
Name                   Order  Citations  PageRank
Pierdomenico Fiadino   1      119        11.16
Alessandro D'Alconzo   2      330        26.01
Mirko Schiavone        3      40         4.38
Pedro Casas            4      69         7.09