Section: Application Domains
Telecommunication monitoring
Telecommunication networks are a good example of large-scale complex systems. Moreover, monitoring telecommunication networks is an important task to ensure a good quality of service.
We focus on another important issue: how to detect intrusion attempts in local networks or on web servers. Two main techniques have been used so far: signature-based and anomaly-based detection. The first one makes use of a signature database which contains specific patterns that can be related to attacks. The second one makes use of a model representing the normal behavior of the observed system (local network, web server, etc.). Within the second method, any deviation from the behavior inferred by the model can be associated with a faulty state. Data mining is widely used to extract signatures from data. Concerning the second method, data stream mining, e.g. dynamic clustering [16], can be used for detecting discrepancies between the system's actual behavior and a normal one.
Another important issue for telecommunication network monitoring is to predict the subjective quality of monitoring and diagnosis from collected technical data. If many false alarms are generated or many faults are missed during monitoring, new diagnostic knowledge must be acquired, i.e. the models should be updated. Furthermore, in the context of data streams, new data arrive continuously and cannot be stored in totality. Thus, the model used for diagnosis must be continuously adapted, and knowledge acquisition must be performed on the fly, concurrently with diagnosis [13].
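The following sketch is an added example, not code from this report and not the algorithm of [16] or [13]. It illustrates the anomaly-based approach with a simple leader-style incremental clustering that flags discrepancies and adapts its model on the fly while storing only centroids and counts. The class name, the parameters (radius, min_support) and the two-feature sample stream are assumptions constructed for illustration.

```python
import math

class StreamClusterDetector:
    """Incremental clustering over a stream; raw points are never stored."""

    def __init__(self, radius, min_support):
        self.radius = radius            # max distance for joining a cluster
        self.min_support = min_support  # points needed before a cluster is "normal"
        self.clusters = []              # each entry: [centroid, count]

    def observe(self, x):
        """Update the model with x and return True if x is a discrepancy."""
        best, best_d = None, math.inf
        for c in self.clusters:
            d = math.dist(c[0], x)
            if d < best_d:
                best, best_d = c, d
        if best is None or best_d > self.radius:
            self.clusters.append([list(x), 1])  # candidate new behavior
            return True
        # Normal only if the cluster was established before x arrived.
        established = best[1] >= self.min_support
        best[1] += 1
        # Incremental mean update; x can be discarded afterwards.
        best[0] = [m + (v - m) / best[1] for m, v in zip(best[0], x)]
        return not established

def detect(stream, warmup, detector):
    """Feed the stream; return indices flagged after the warm-up prefix."""
    flagged = []
    for i, x in enumerate(stream):
        if detector.observe(x) and i >= warmup:
            flagged.append(i)
    return flagged

# Constructed sample: normalised per-window features (request rate, error ratio).
STREAM = [
    (1.0, 1.0), (1.1, 0.9), (0.9, 1.0), (1.0, 1.1), (1.05, 0.95),  # warm-up
    (1.0, 1.0), (5.0, 4.8), (1.1, 1.0),              # one isolated outlier
    (3.0, 3.0), (3.1, 2.9), (2.9, 3.1), (3.0, 3.05), # recurring new behavior
]

if __name__ == "__main__":
    det = StreamClusterDetector(radius=0.5, min_support=3)
    print(detect(STREAM, warmup=5, detector=det))
```

The isolated outlier is flagged once, while the recurring new behavior is flagged only until its cluster reaches min_support, after which the adapted model treats it as normal.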