---


Ph.D. Theses

Distributed Framework for Deploying Machine Learning in Network Management and Security

By Alan Bivens
Advisor: Boleslaw K. Szymanski
January 24, 2003

As computer networks grow in frequency, size, and degree of segmentation, network management applications must not only provide efficiency, non-intrusiveness, and reliability, but must also be able to scale these characteristics over a wide range of architectures. We propose a distributed framework for network management middleware. The goal is to distribute functional agents to locations where they may carry out the actions of the management application closer to the managed node. In large networks with multiple managers, problems in a network usually draw attention and management traffic to the problem location. This added management traffic only exacerbates the problem. We show and quantify the benefits of the proposed distribution by implementing several real-time network managers using our distributed framework. We also propose and describe several management techniques, including congestion control and network parameter optimization, which use the distributed framework.

The effects of the agent-based distribution that we developed also enable the application of centrally managed but functionally distributed agents to fields where scalable, centralized management was not practical. One such field is intrusion detection. Currently, intrusion detection processes are individually installed and independently managed, preventing large-scale distributed detection. We propose and describe here many intrusion detection methods targeting both host-based and network-based attacks. Consistent across our work is the application of intelligence or learning techniques, such as Perceptron-based neural networks, self-organizing maps, and genetic algorithms.

Our approaches strive to provide scalability. We study and provide a process for simulation-based scalability evaluation through application segmentation and its relationship to real networks. We compare our framework to traditional architectures of network management using both experimentation and simulation.
