An Experiment: Network Anomaly Lifecycle
draft-netana-nmop-network-anomaly-lifecycle-05
| Section | Field | Value |
|---|---|---|
| Document | Type | Replaced Internet-Draft (nmop WG); Expired & archived |
| | Authors | Vincenzo Riccobene, Antonio Roberto, Thomas Graf, Wanting Du, Alex Huang Feng |
| | Last updated | 2024-11-27 (Latest revision 2024-11-03) |
| | Replaced by | draft-ietf-nmop-network-anomaly-lifecycle |
| | RFC stream | Internet Engineering Task Force (IETF) |
| | Intended RFC status | (None) |
| | Yang Validation | 29 errors, 0 warnings |
| | Additional resources | Related Implementations, GitHub Repository, Mailing list discussion |
| Stream | WG state | Adopted by a WG |
| | Document shepherd | (None) |
| IESG | IESG state | Replaced by draft-ietf-nmop-network-anomaly-lifecycle |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Network Anomaly Detection is the act of detecting problems in the network. Accurately detecting problems is very challenging for network operators in production networks. Good results require a lot of expertise and knowledge of both the network technologies involved and the connectivity services provided to customers, in addition to a proper monitoring infrastructure. To facilitate network anomaly detection, novel techniques are being introduced, including programmatic, rule-based and AI-based ones, with the promise of improving scalability and the hope of keeping detection accuracy high. To guarantee acceptable results, the process needs to be properly designed, adopting well-defined stages to accurately collect evidence of anomalies, validate their relevance and iteratively improve the detection systems over time. This document describes a well-defined approach to managing the lifecycle process of a network anomaly detection system, spanning the recording of its output and its iterative refinement, in order to help network engineers interact with the network anomaly detection system, enable the "human-in-the-loop" paradigm and refine the detection abilities over time. The major contributions of this document are: the definition of three key stages of the lifecycle process, the definition of a state machine for each anomaly annotation on the system, and the definition of YANG data models describing a comprehensive format for the anomaly labels, allowing a well-structured exchange of those labels between all the interested actors.
Authors
Vincenzo Riccobene
Antonio Roberto
Thomas Graf
Wanting Du
Alex Huang Feng
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)