An Experiment: Network Anomaly Lifecycle
draft-netana-nmop-network-anomaly-lifecycle-05

Document Type: Replaced Internet-Draft (nmop WG); Expired & archived
Authors: Vincenzo Riccobene, Antonio Roberto, Thomas Graf, Wanting Du, Alex Huang Feng
Last updated: 2024-11-27 (Latest revision 2024-11-03)
Replaced by: draft-ietf-nmop-network-anomaly-lifecycle
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Yang Validation: 29 errors, 0 warnings
Additional resources: Related Implementations, GitHub Repository, Mailing list discussion
Stream WG state: Adopted by a WG
Document shepherd: (None)
IESG state: Replaced by draft-ietf-nmop-network-anomaly-lifecycle
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

Network Anomaly Detection is the act of detecting problems in the network. Accurately detecting problems is very challenging for network operators in production networks. Good results require a lot of expertise and knowledge of both the network technologies involved and the connectivity services provided to customers, in addition to a proper monitoring infrastructure. To facilitate network anomaly detection, novel techniques are being introduced, including programmatic, rule-based and AI-based ones, with the promise of improving scalability and the hope of keeping a high detection accuracy. To guarantee acceptable results, the process needs to be properly designed, adopting well-defined stages to accurately collect evidence of anomalies, validate their relevance and iteratively improve the detection systems over time.

This document describes a well-defined approach to managing the lifecycle process of a network anomaly detection system, spanning the recording of its output and its iterative refinement, in order to make it easier for network engineers to interact with the network anomaly detection system, enable the "human-in-the-loop" paradigm and refine the detection abilities over time. The major contributions of this document are: the definition of three key stages of the lifecycle process, the definition of a state machine for each anomaly annotation on the system, and the definition of YANG data models describing a comprehensive format for the anomaly labels, allowing a well-structured exchange of those labels between all the interested actors.

Authors

Vincenzo Riccobene
Antonio Roberto
Thomas Graf
Wanting Du
Alex Huang Feng

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)