Yuichi OHSITA Shingo ATA Masayuki MURATA
Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent this type of traffic is to identify the attack nodes and detach (or block) attack nodes at their egress routers. However, existing traceback mechanisms are currently not widely used for several reasons, such as the necessity of replacement of many routers to support traceback capability, or difficulties in distinguishing between attacks and legitimate traffic. In this paper, we propose a new scheme that enables a traceback from a victim to the attack nodes. More specifically, we identify the egress routers that attack nodes are connecting to by estimating the traffic matrix between arbitrary source-destination edge pairs. By monitoring the traffic variations obtained by the traffic matrix, we identify the edge routers that are forwarding the attack traffic, which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately.
Myunghee SON Byungchul KIM Jaeyong LEE
Automatic discovery of physical topology plays a crucial role in enhancing the manageability of modern large Ethernet mesh networks. Despite the importance of the problem, earlier research and commercial network management tools have typically concentrated on either discovering active topology, or proprietary solutions targeting specific product families. Recent works [1]-[3] have demonstrated that physical topology can be determined using standard SNMP MIB, but these algorithms depend on Filtering Database and rely on the so-called spanning tree protocol (IEEE 802.1d) in order to break cycles, thereby avoiding the possibility of infinitely circulating packets and deadlocks. A previous work [1] requires that Filtering Database entries are completed; however it is a very critical assumption in a realistic Ethernet mesh network. In this paper, we have proposed a new topology discovery algorithm which works without the complete knowledge of Filtering Database. Our algorithm can discover complete physical topology including inactive interfaces eliminated by the spanning tree protocol in LEMNs. The effectiveness of the algorithm is demonstrated by an implementation.
Kazuhide KOIDE Gen KITAGATA Hiroki KAMIYAMA Debasish CHAKRABORTY Glenn Mansfield KEENI Norio SHIRATORI
The advent of mobile IP communication has opened up several new areas of mission critical communication applications. But the bandwidth and reliability constraints coupled with handover latency are posing some hurdles which need to be overcome before real world mobile IP applications, with low tolerance for data loss, can be deployed. In this paper, we analyze the unreliability of existing information collection methods in the real-world MobileIP environment. We focus on this problem and propose a novel network management model that anticipates the wireless mobile entities and uses SNMP. The key idea of this model is the introduction of a store-and-forward type Managed Object (MO). During the period of unreachability between the Manager and the agent, the data is cached at the agent until the connectivity recovers. In our experiment we used a prototype implementation in real-world wireless communication field, and showed the effectiveness of our proposed method.
Andrea WESTERINEN Winston BUMPUS
In the 1960's, the problems of distributed systems management did not exist. Systems were centralized and typically housed in one facility. Over time, however, the power, complexity and connectivity of the computer systems and networks evolved. Today, businesses are dependent on their compute and networking infrastructures to operate and survive. These infrastructures are geographically and functionally distributed, and their management is critical. This paper discusses how distributed systems management has evolved, and what the future may bring.
Hassan HAJJI Behrouz Homayoun FAR
This paper discusses a framework for automating fault management using distributed software agents. The management function is distributed among multiple agents that can carry out advanced reasoning activities on the network domain. Network domain modeling using Bayesian network is introduced. The agent detects, correlates and selectively seeks to derive a clear explanation of the alarms generated in its domain. Depending on the network's degree of automation, the agent can even carry out local recovery actions. The ideas of the paper are implemented in a software for inference in Bayesian network. We identify the potentialities of learning in the agent model, and present the class of problems to be addressed.
Hwa-Chun LIN Shou-Chuan LAI Ping-Wen CHEN Hsin-Liang LAI
This paper proposes two topology discovery algorithms for IP networks, namely, a network layer topology discovery algorithm and a link layer topology discovery algorithm. The network layer topology discovery algorithm discovers the subnets and devices in the network of interest and the connections among them. The devices in a subnet can be found by a network layer topology discovery algorithm; however, the connections among the devices cannot be obtained. The link layer topology discovery algorithm is proposed to find the devices in a subnet and the connections among them. The two algorithms are integrated to find the detailed topology map of an IP network. The proposed topology discovery algorithms are implemented based on the Tcl/Tk and Scotty environment. Some implementation details are discussed.
Kiyohito YOSHIHARA Keizo SUGIYAMA Hiroki HORIUCHI Sadao OBANA
Network monitoring is one of the most significant functions in network management to understand the state of a network in real-time. In SNMP (Simple Network Management Protocol), polling is used for this purpose. If the time interval for two consecutive polling requests is too long, then we cannot understand the state of the network in real-time. Conversely, if it is too short, then the polling message traffic increases and imposes a heavy load on the network. Many dynamic polling algorithms have been proposed for controlling the increase in the polling message traffic. However, they cannot keep track of the time variations of management information values, since their main objectives are to check whether or not a network node is active and the next polling interval is determined independently of the time variations of the values. The existing polling algorithms are thereby not applicable to the case where monitoring the time variation of management information values is critical. This paper proposes a new dynamic polling algorithm which, by making use of Discrete Fourier Transformation, makes it possible not only to control the increase in the polling message traffic but also to keep track of the time variations of network management information values. We show the availability of the proposed algorithm by evaluating it through both simulations and experiments in an actual network environment.
Takumi MORI Kohei OHTA Nei KATO Hideaki SONE Glenn MANSFIELD Yoshiaki NEMOTO
Network traffic contains many symptoms of various network faults. Symptoms of faults aggregate and are manifested in the aggregate traffic characteristics generally observed by a traffic monitor. It is very difficult for a manager or an NMS (Network Management Station) to isolate the symptoms manifested in the aggregate traffic characteristics. Especially, transit networks, like a backbone network, deal with many types of traffic. So, symptom isolation must be efficient. In this paper, we propose a powerful algorithm for symptom isolation. This algorithm is based on the popular SNMP-based RMON technology. Using dynamically constructed aggregate, fresh symptoms can be isolated efficiently. We apply the algorithm to two operational transit networks which connect some LANs and WANs, and evaluate it using trace data collected from these networks. The results show a significant improvement in the fault management capability and accuracy. Furthermore, the characteristics of fault symptoms and the various factors for effective system configuration are discussed.
Kota MOTOMURA Nobutaka NAKAMURA Toshiyuki AIBARA
Private networks are becoming globalized and more complicated through LAN-WAN interconnection. While WANs are managed by CMIP, LANs are managed by SNMP. To achieve end-to-end management, the integration of CMIP-based and SNMP-based management is important. We have developed an MI (Management Integration) platform for CMIP-based and SNMP-based management. It provides OSI SMF (Systems Management Function)-based unified basic management services to upper level applications regardless of the differences between CMIP-based and SNMP-based management. It achieves this with two modules: a management information transfer integration module that mainly covers protocol and data format differences between them, and a basic management module that covers functional differences. The translation of management information in the former module can be changed flexibly because the translation is based on an external script file. The latter module has additional SMF-like functions for the management of SNMP agents in addition to SMF manager role functions, etc. Prototype evaluation has demonstrated the feasibility of the MI platform.
The availability of new technologies in the computer and network industry has allowed us to benefit from a wider choice when building new information systems. This paper presents Japan Airlines' challenge to develop a new information network and management infrastructure based on the new technology. Compared with the existing main-frame environment, the new infrastructure will give us a more comfortable and economic network computing environment. Once we think about network management, there are so many issues to be solved. All existing network elements have their own management consoles with different interfaces and commands. Net managers are swimming in the pool of system consoles looking for the one that exactly tells them what is going on at the user site. The industry standard SNMP offers us a much better environment. However, there is still a long way to go before reaching a world where net managers find a single management console with a single object to manage that is composed of all network elements.
Glenn MANSFIELD Makoto MURATA Kenichi HIGUCHI Krishnamachari JAYANTHI Basabi CHAKRABORTY Yoshiaki NEMOTO Shoichi NOGUCHI
In this paper we examine the architectural and operational design issues of a practical network management system using the Simple Network Management Protocol (SNMP) in the context of a large-scale OSI-based campus-network TAINS. Various design aspects are examined and the importance of time-management is elicited. In the proposed design, intelligent, time-synchronised agents are deployed to collect information about the network segments to which they are attached. The manager talks to the agents and gathers relevant network information. This information is used by the expert network manager, in conjunction with a network knowledge base (NKB) and a management information knowledge base (MIKB), to reconstruct the overall network-traffic characteristic, to evaluate the status of the network and to take/suggest some action. This model is particularly useful in networks where some global control, monitoring and management is desired and installing agents on all elements, connected to the network, is impossible. The use of time labels and narrow time windows enables the manager to obtain a reasonably accurate picture of the network status. The introduction of time-labelled composite objects in the Management Information Base (MIB) provides a means of reducing the load of management-related traffic on the network. The MIKB, containing a logical description of the behaviour of the managed objects defined in the MIB, drives the expert system and provides the knowledge of general nature that a human expert has about networks. The proposed MIKB concept provides a very convenient schema for building the knowledge base in an expert network management system. Further, since the MIKB is MIB-specific, it can be used in network management systems for managing similar MIBs.