Unveiling the underlying relationships over a network for monitoring purposes

Abstract

Nowadays traffi c monitoring and analysis tools provide poor information about traffi c volume without giving any clear view of what the hidden rules and relationships that govern these fl ows are. Since the majority of fl ows is generated by services (web browsing, email, p2p) and most of these applications are dependent on many network assets (servers and databases) we should discover the underlying relationships of every application. We present a technique that discovers the hidden relationships among components of a network that consist of parts of specifi c applications. From time information and fl ow attributes, such as IP addresses and service ports, our method using a novel hybrid genetic algorithm produces a small set of fuzzy rules that can reveal the underlying relationships over a network without any guidance. These dependencies build a service graph which can become a useful tool for fault localization, monitoring service performance, designing changes and anomaly detection. Copyright © 2009 John Wiley & Sons, Ltd.