An expert-aware Markovian system for end-user proactive troubleshooting in the Network and Security Operations Center
| Authors: | , , , , |
|---|---|
| Resource type: | article |
| Publication date: | 2025 |
| Country: | Spain |
| Institution: | Universidad Autónoma de Madrid |
| Repository: | Biblos-e Archivo. Repositorio Institucional de la UAM |
| Language: | English |
| OAI Identifier: | oai:repositorio.uam.es:10486/730021 |
| Online access: | https://hdl.handle.net/10486/730021 https://dx.doi.org/10.1016/j.eswa.2025.127072 |
| Access Level: | open access |
| Keywords: | Network monitoring; End-user traffic; End-user anomalies; Network Operations Center; Proactive troubleshooting; Telecommunications |
| Abstract: | Companies’ Network Operations Centers continuously monitor network health to keep activity fully operational in the current scenario of decentralization of digital workplaces. In this task, network managers have a diverse set of tools to proactively troubleshoot network changes that could potentially lead to network outages. Unfortunately, these tools primarily focus on servers and high-volume services, while changes in end-users’ traffic can also be a symptom of relevant issues such as the misuse and misconfiguration of resources, service slowdowns, and cybersecurity breaches. End-user behavior, in particular, tends to be more erratic and chaotic than server traffic, especially when different users may share the same IP address over time (e.g., DHCP and Wi-Fi environments). To address these challenges, we propose modeling end-user behavior as an unordered collection of activities (i.e., pieces of regular behavior) rather than as time series. These activities, such as downloading a file or browsing the Internet, yield an identifiable sequence of measurements in terms of network metrics over time (e.g., throughput or number of connections). Deviations from typical sequences of measurements are flagged as irregular behaviors, with higher priority assigned to increasingly uncommon patterns. This methodology leverages Markov chains to represent activities as sequences of expert-aware discrete states of network metrics. When applied to a multi-year dataset from a global enterprise, our proposal has been able to cope with the chaotic and challenging environment of end-user behavioral modeling, identifying critical issues such as DNS misconfigurations, compromised printers, and cybersecurity threats. |