Incident management on telecom and computer networks, whether it is related to infrastructure or cybersecurity issues, requires the ability to simultaneously and quickly correlate and interpret a large number of heterogeneous technical information sources. In this thesis, we study the benefits of structuring this data into a knowledge graph, and examine how this structure helps to manage the complexity of networks, particularly for applications in anomaly detection on dynamic and large-scale networks. Through an ontology (a model of concepts and relationships to describe an application domain), knowledge graphs allow different-looking information to be given a common meaning. We first introduce a new ontology for describing network infrastructures, incidents, and operations. We also describe an architecture for transforming network data into a knowledge graph organized according to this ontology, using Semantic Web technologies to foster interoperability. The resulting knowledge graph allows for standardized analysis of network behavior. We then define three families of algorithmic techniques for using the graph data, and show how these techniques can be used to detect abnormal system behavior and assist technical support teams in incident diagnosis. Finally, we present a software architecture to facilitate the interactions of support teams with the knowledge graph and diagnostic algorithms through a specialized graphical user interface. Each proposal has been independently tested through experiments and demonstrations, as well as by a panel of expert users using the specialized graphical interface within an integrated solution.
Anomaly detection using knowledge graphs and synergistic reasoning: Application to network management and cyber security
Thesis
Type:
Thèse
Date:
2024-09-30
Department:
Data Science
Eurecom Ref:
7706
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Thesis and is available at :
See also:
PERMALINK : https://www.eurecom.fr/publication/7706