Adaptive tracking of network behavioral signals for real time forensic analysis of service quality degradation

The current shift from the static access based service model to the dynamic application based service model introduced major challenges for effective forensics of any quality degradation of the provided service. In addition, about 55 percent of the Tier 1 and Tier 2 providers are planning to offer managed security services to guarantee an attack free IP service. In this article, we propose a novel approach of modeling the network behavior in order to select meaningful metrics to be used in tracking the network behavior changes. Based on the deftly selected metrics, we utilize an adaptive exponentially weighted moving average (EWMA) with a moving centerline control chart to monitor the changes of the network behavior. Signaling the network behavior changes in association with the service objective based network behavioral model should provide the required information for effective forensic of the service quality degradation. Our methodology is applied on both simulated and real traces of network behavioral metrics. We illustrate the effectiveness of the forensic analysis model for the selection of relevant behavioral metrics. As well, we show how the adaptive EWMA can be used for tracking the changes in the network behavior from normal to abnormal and vice versa.