Telephonic communications – With usage measurement – Call traffic recording or monitoring
Reexamination Certificate
1999-06-29
2003-07-22
Barnie, Rexford (Department: 2643)
Telephonic communications
With usage measurement
Call traffic recording or monitoring
C379S111000, C379S136000, C379S112010, C379S112060, C379S112040, C370S235000
Reexamination Certificate
active
06597777
ABSTRACT:
TECHNICAL FIELD
This invention relates to proactive fault detection and anomaly detection on transaction networks.
BACKGROUND OF THE INVENTION
Transaction-oriented networks, such as AT&T's Transaction Access Services (TAS) network, provide ubiquitous dial-to-packet services for carrying short-duration transaction traffic. Average usage of the TAS network can amount to millions of transactions on a non-busy and typical day. Usage of such transaction networks is continuing to grow at a rapid pace. Typical transactions support point-of sale applications and services (e.g., credit/debit card authorizations and settlements), health care applications, banking and vending applications, and other data-driven sales applications.
Such transaction-oriented networks can be data, telecom, or a combination of data and telecom wide area networks (WANs) that service such short-duration transactions (having a duration in the order of seconds) between a set of terminals (e.g., credit card scanners, or personal computers) and a set of processing servers (e.g., credit processing servers).
FIG. 1
shows a typical network
101
, such as the AT&T TAS network to which is connected a very large plurality of terminal equipment, such as credit card scanners
102
-
1
-
102
-N, and a plurality of host processors
103
-
1
-
103
-M. The AT&T TAS Network comprises three components: an AT&T
800
Network
104
, TAS nodes
105
, and the AT&T Packet network
106
. The TAS network
101
enables transaction-oriented communication between any of the connected terminal devices
102
, which are geographically scattered around the country, and their designated particular processing host. Access of the plural terminal devices
102
to the TAS network is through the 800 Network
104
, which is terminated at the set of TAS nodes (modems)
105
where POTS-to-packet protocol conversion is effected. These nodes use the Dialed Number Identification Service (DNIS) digits provided by the 4ESS™ switches in the 800 network to establish switched virtual circuits (SVCs) in the packet network
106
. The packet network
106
completes the connection between an individual terminal device
102
-i initiating a transaction of a certain type and the particular host processor
103
-j which can complete that type of transaction.
The TAS network
101
concurrently supports transactions of multiple service classes, where each service class represents a different type of transaction. Thus, VISA® credit card transactions directed to the particular VISA host processor that handles such transactions fall within one class, MasterCard® credit card transactions directed to the MasterCard host processor that handles such transactions fall within another class, health-card transactions for a particular pharmaceutical provider directed to that provider's host processor fall within a third class, etc. Transactions between classes are likely to have vastly different temporal characteristics, such as average transaction duration and duration distribution, due to the diverse nature of the type of transactions being supported between classes. Thus, for example, a credit card authorization for a purchase using a VISA credit card would be expected to be of shorter duration than a health-card transaction relating to a drug-refill order.
Because of the tremendously large number of transactions being supported on the network, it is extremely important that network failures and performance degradations be kept at a minimum. A network failure or performance degradation, for example, could easily affect the ability of consumers across the country to make purchases with their credit cards. Such a scenario could have severe economic repercussions to a large segment of the business community. Even the failure or performance degradation of a particular one host processor can strongly impact performances of other service classes and the network as a whole.
Currently network management systems monitor and manage the TAS nodes
105
in the TAS network
101
to detect performance failure in the modem circuitry. Such systems are reactive to a hard failure when it occurs. Similarly, management systems monitor switches in the 800 network
104
and switches in the packet network
106
and are also only reactive actual failures on the monitored part of the network. Thus, only the network itself and the components that comprise the network are currently being monitored and managed from within the network. With such management systems, therefore, the failure or performance degradation of any non-managed element cannot be detected.
It is often, however, the failure or performance degradation of a non-managed element that can have a severely deleterious effect on the entire network. For example, the performance degradation of a host processor serving transactions in a particular service class can result in not only denial of service to that one service class, but to transactions in other service classes which are being serviced by other host processors since all service classes share the same network infrastructure and resources. Further, during periods of high traffic intensity, such as during the Christmas holiday shopping season, resource services for the VISA and MasterCard service classes may be oversubscribed, resulting in the resource hijacking from these dominant service classes from other less dominant service classes resulting in a denial of access for transactions in these other less dominant service classes. Even further, on the transaction input side of the network, a general failure of unmanaged transaction terminals associated with a particular service class will remain undetected by a network management system that only monitors network elements.
It is desirable, therefore, to be able to measure and analyze network performance in real time from which an anomaly can be detected before an actual failure occurs so that corrective actions can be executed in time to avert failures. Fault detection on a local area network using anomaly detection is described by F. Feather, D. Siewiorek and R. Maxion, in a paper entitled “Fault Detection in and Ethernet Using Anomaly Signature Matching”,
Computer Communication Review
(
ACM SIGCOMM
'93), Vol. 23, No. 4, October, 1993. As described in that paper, observable network performance data is directly analyzed to detect anomalies. It has been found, however, that an analysis of directly observed network performance data does not provide sufficient sensitivity to enable off-network anomalies to be detected and thus proactively corrected. In addition, the techniques suggested by Feather et al. apply primarily to an ethernet local area network (LAN) environment.
SUMMARY OF THE INVENTION
In accordance with the present invention, proactive and automatic detection of network failures and performance degradations is achieved by first converting real-time network performance data into a performance-based objective function. The objective function, using current real-time data, is directly correlated with the particular anomalies which the network monitor is trying to detect. That objective function, generated from current data, is then compared with that same objective function as predicted from historical performance data to determine anomalies in the objective function generated from the current data which probabilistically signify a potential fault. Through such a real time comparison, alarms can be generated when anomalies are detected in the objective function generated from the current data.
In the embodiment of the present invention, an objective function used to characterize performance of transaction-oriented networks is defined as traffic intensity. For each transaction, the transaction is characterized by the service class that the transaction belongs to, the start time of the transaction, and the duration of the transaction. From current transaction data, for each service class, a time-dependent traffic intensity is computed that is defined as being equal to the total number of active transactions on the mon
Barnie Rexford
Gurey Stephen M.
Lucent Technologies - Inc.
LandOfFree
Method and apparatus for detecting service anomalies in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for detecting service anomalies in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for detecting service anomalies in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3081390