Accessibility Degradation Prediction on LTE/SAE Network Using Discrete Time Markov Chain (DTMC) Model

In this paper, an algorithm for predicting accessibility performance on an LTE/SAE network based on relevant historical key performance indicator (KPI) data is proposed. Since there are three KPIs related to accessibility, each representing different segments, a method to map these three KPI values onto the status of accessibility performance is proposed. The network conditions are categorized as high, acceptable or low for each time interval of observation. The first state shows that the system is running optimally, while the second state shows that the system has deteriorated and needs full attention, and the third state indicates that the system has gone into degraded conditions that cannot be tolerated. After the state sequence has been obtained, a transition probability matrix can be derived, which can be used to predict future conditions using a DTMC model. The results obtained are system predictions in terms of probability values for each state for a specific future time. These prediction values are required for proactive health monitoring and fault management. Accessibility degradation prediction is then conducted by using measurement data derived from an eNodeB in the LTE network for a period of one month

Detecting and predicting outages in mobile networks with log data.

Modern cellular networks are complex systems offering a wide range of services and present challenges in detecting anomalous events when they do occur. The networks are engineered for high reliability and, hence, the data from these networks is predominantly normal with a small proportion being anomalous. From an operations perspective, it is important to detect these anomalies in a timely manner, to correct vulnerabilities in the network and preclude the occurrence of major failure events. The objective of our work is anomaly detection in cellular networks in near real-time to improve network performance and reliability. We use performance data from a 4G LTE network to develop a methodology for anomaly detection in such networks. Two rigorous prediction models are proposed: a non-parametric approach (Chi-Square test), and a parametric one (Gaussian Mixture Models). These models are trained to detect differences between distributions to classify a target distribution as belonging to a normal period or abnormal period with high accuracy. We discuss the merits between the approaches and show that both provide a more nuanced view of the network than simple thresh- olds of success/failure used by operators in production networks today

Developing reliable anomaly detection system for critical hosts: a proactive defense paradigm

Current host-based anomaly detection systems have limited accuracy and incur high processing costs. This is due to the need for processing massive audit data of the critical host(s) while detecting complex zero-day attacks which can leave minor, stealthy and dispersed artefacts. In this research study, this observation is validated using existing datasets and state-of-the-art algorithms related to the construction of the features of a host's audit data, such as the popular semantic-based extraction and decision engines, including Support Vector Machines, Extreme Learning Machines and Hidden Markov Models. There is a challenging trade-off between achieving accuracy with a minimum processing cost and processing massive amounts of audit data that can include complex attacks. Also, there is a lack of a realistic experimental dataset that reflects the normal and abnormal activities of current real-world computers. This thesis investigates the development of new methodologies for host-based anomaly detection systems with the specific aims of improving accuracy at a minimum processing cost while considering challenges such as complex attacks which, in some cases, can only be visible via a quantified computing resource, for example, the execution times of programs, the processing of massive amounts of audit data, the unavailability of a realistic experimental dataset and the automatic minimization of the false positive rate while dealing with the dynamics of normal activities. This study provides three original and significant contributions to this field of research which represent a marked advance in its body of knowledge. The first major contribution is the generation and release of a realistic intrusion detection systems dataset as well as the development of a metric based on fuzzy qualitative modeling for embedding the possible quality of realism in a dataset's design process and assessing this quality in existing or future datasets. The second key contribution is constructing and evaluating the hidden host features to identify the trivial differences between the normal and abnormal artefacts of hosts' activities at a minimum processing cost. Linux-centric features include the frequencies and ranges, frequency-domain representations and Gaussian interpretations of system call identifiers with execution times while, for Windows, a count of the distinct core Dynamic Linked Library calls is identified as a hidden host feature. The final key contribution is the development of two new anomaly-based statistical decision engines for capitalizing on the potential of some of the suggested hidden features and reliably detecting anomalies. The first engine, which has a forensic module, is based on stochastic theories including Hierarchical hidden Markov models and the second is modeled using Gaussian Mixture Modeling and Correntropy. The results demonstrate that the proposed host features and engines are competent for meeting the identified challenges