JOURNAL OF COMPUTING, VOLUME 3, ISSUE 11, NOVEMBER 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING WWW.JOURNALOFCOMPUTING.

ORG

95

ENFD: An Expert System tool for Fault Detection on Computer Network

Effat mirzaei1, Chitra Dadkhah2
Abstract One of the important tasks of computer network administrator is diagnostic faults occurred in computer networks. Design an automated system is necessary because the absence of computer network manager in the organization and detect the faults quickly. So this paper aims to design an ENFD system (Expert Network Fault Detection) based on expert knowledge for detecting the hardware and software problems in computer networks. The knowledge of ENFD system has been classified in four categories (client, server, network hardware and firewall) based on expert opinion and has been represented with If-then method, which is compatible with the problem nature, in knowledge base of system. The ENFD system will suggest an appropriate solution for solving the detected problem. The ENFD system is independent on the topology of computer networks and it is easily usable for users who have not a lot of information on computer networks. In the absent of specialists when problems is occur, computer network management could consult the ENFD system for solving the problem. The ENFD system is capable to explain the cause of the problems has occurred for increasing the accurate of its inference. The ENFD system designed and tested with prolog programming language.

Index Terms expert system, computer network, fault detection, decision tree

1 INTRODUCTION
omputer network means a collection of autonomous computers interconnected by a single technology. Two computers are said to be interconnected if they are able to exchange information. Most networks are organized as a stack of layers, each one built upon the one below it. The number of layers, the name of each layer, the contents of each layer, and the function of each layer differ from network to network. The purpose of each layer is to offer certain services to the higher layers, shielding those layers from the details of how the offered services are actually implemented. Two important network architectures are the OSI reference model and the TCP/IP reference model [1]. One of the major applications of artificial intelligence is expert systems. Expert system is an intelligent computer program that shows its skills in specific and sophisticated fields such as professional person in problem solving [2]. Main components of expert systems are Knowledge base, Working storage, Inference engine, Explanation and User interface. Bottleneck of expert system design is knowledge acquisition phase the result of which is the knowledge obtained from experts and collected and maintained with appropriate knowledge representation method in the knowledge base system. Applications of an expert system consists of fault diagnosis, solutions and choosing among description and reasoning of the selected solution and record and reconstruct all the steps to solve a problem using expert knowledge.

Since a computer network will be faced with different problems, one of the main tasks of computer network manager is resolve that. But due to the absence of permanent experts in computer network, not the most efficient computer network administrator at any time and need quick resolves problems; an expert system is required for problem diagnosis in computer networks. But the works which have been reviewed in the field of fault recovery in computer network, act so that, the first condition of the computer network is investigated and the information are collected in this field. Then if there is any abnormal status, warnings occur. Next, the exact causes of warnings be analyzed and diagnosed. In the final stage, based on the existing knowledge base, the solution will be provided or informed to the computer network manager to recovery. However, the work has been done in this paper is, according to the information stated in Part 2 of the ENFD Intelligent Systems, when a user with a problem is encountered, uses this system and with ask multiple questions of user, recovery the fault and Offers a suitable solution. Eexpert systems are designed to detect, diagnose and troubleshoot problems in computer networks. [3-9] This paper aims to design an expert system to help managers make decisions in the absence of computer network expert.

2 STRUCTURE OF ENFD SYSTEM

ENFD system is an expert system for detecting the most hardware and software fault and propose the appropriate solution on computer networks. The structure and

1. Master student, North Tehran of Islamic Azad University 2. Assistant Professor, K.N Toosi University of Technology

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 11, NOVEMBER 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING WWW.JOURNALOFCOMPUTING.ORG

96

Architecture of ENFD system is shown in Fig 1. The user (computer manager network at any organization) could consult with ENFD system for solving the computer network fault quickly.

Fig. 1. Architecture of ENFD system

The knowledge of ENDF collects with interviewing experts in the field of computer networks and also refers to the documentation in this area. Then with the rulebased knowledge representation method which is compatible with the problem nature is stored in the knowledge base of ENFD intelligent system. Inference engine of ENFD intelligent systems survey the existing rules, by using backward chaining method and referring knowledge base system. By the user interface, if necessary the user asked questions. By received the answer and refer to the working memory system inference will continue, until deal to the first problem was discovered in the computer network. Then as inference of knowledge which is stored in working memory system, announced to the user. Because of the high-speed of ENFD intelligent system, policy of inference engine is designed to stop with diagnosis of first problem (fault). This system to increase user confidence has an explanation module. The task of this module inform to user for how the fault diagnosis this fault in the computer network. In addition to test the system and evaluation of system results by experts or system designers, its possible to track among the rules during conclusion.

Fig. 2. Fault tree in computer network

2.1 Classification of faults

The knowledge of ENFD system was collected by interview with experts in computer networks and also studies the related documents and sites [9] to diagnose relevant fault. We classify the computer network problems with regard to expert opinions using decision tree as shown in Fig 2.

In the following, consider each of the four fault categories: 1. firewall Firewall creates a series of problems. For example, if user can view Internet with browser but cannot view LAN connection, the problem is the software firewall that closes the ports. For the test, user can disable firewall. 2. client According to the fault of computer network in this category, the user needs to exchange the component of his computer for recovery. For example if user is not able to ping 127.0.0.1, it means IP stack failure and need to reinstall TCP/IP. 3. Network hardware To determine the hardware fault, system will be checked the Network Interface Card (NIC), cable, modem, hub, switch and routers in order. Fault of NIC For testing the NIC card, Ping the IP address of the local. If the command result was successful, it means NIC is functioning, otherwise NIC has a problem. To resolve this problem, NIC driver should be reinstalled. If the problem did not resolve again, then NIC card should be replaced. Fault of cable After checking NIC, if client has a problem, cable and connectors should be changed. If the problem did not resolve, modem, hub, switch and router should be checked. Fault of modem In this section, cable, dial up and DSL modem will be check with software and hardware test. For example, DSL modems are shipped from the Internet provider with a

2011 Journal of Computing Press, NY, USA, ISSN 2151-9617 http://sites.google.com/site/journalofcomputing/

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 11, NOVEMBER 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING WWW.JOURNALOFCOMPUTING.ORG

97

number of filters that you are supposed to install on every other phone connection at the circuit in use. Not installing the filters leads to two problems. First, you'll hear constant static on the regular phones when you try to talk, which should be enough of a reason to install them. But some digital phone devices, such as answering machines or faxes, may also interfere with the DSL modem's ability to negotiate an Internet connection unless the filters have been installed. Consult the filter instructions if you aren't sure where to use them. If you are setting up a DSL modem for the first time and can't get an Internet connection (assuming the phone company assures you its live), you can also try unplugging any other phone devices in the house to make sure they aren't causing a problem. Fault of hub Hub does not work complicated. In this case, fault recovery is not difficult. To examine the hub, is sufficient that power LED and ports are on. Fault of switch Switch configuration could be check by special command. For example if VTP protocol has not been implemented, we can send the following command: 1) Switch #config terminal 2) Switch #VTP domain cisco(any name) 3) Switch #VTP password pass (any password) 4) Switch #VTP mode client/server Fault of router To recover the router, configuration should be checked. The configurations are serial Interface, Fast Ethernet Interface, routing protocol, and IOS. For examining the configuration of router protocol, 2 categories of static and dynamic protocols must be check. For example, with the following commands we will check RIPV1 configuring: 1. T > enable 2. T#config terminal 3. T(config) # router rip 4. T(config-router)# network x.y.z.t(net ID1,Classfull address) 5. T(config-router)# network x.y.z.t(net ID2,Classfull address) ... 3. server DHCP, DNS, WINS servers are checked. Fault of DHCP To determine DHCP do configuration correctly, user should pay attention to the appeared addresses of ipconfig/all command, to see whether addresses are in the range expected. For example, if after entering ipconfig/all, configuration information does not appear, it means that doesnt set addresses. These addresses are determined with DHCP, which are allocated by following command: 1. IPCONFIG/RELEASE 2. IPCONFIG/RENEW 3. IPCONFIG/ALL Fault of DNS To check whether the problem is kind of DNS, we should use Ping with the remote computer's host name. If this command was failed, it means the problem is name

resolution. First, by ping the IP addresses of DNS determine, whether local machine is able to communicate with the DNS server but this command does not guarantee the name resolution is working correctly. User can use the Nslookup command to verify that name resolution is working properly. Fault of WINS WINS server exactly acts like DNS server, but WINS server is used in the old operating system like NT while DNS server is used in the windows 2000 and above. For example, if the information returned to a client during name resolution is incorrect or stale, we must look if the name entry in the WINS server database was entered statically. If the name was entered using a static type entry, you can choose from the following options to update WINS: Enable Migrate, Edit the static mapping to update the mapped address information and Delete the static entry from WINS.

2.2 knowledge base

The knowledge base of ENDF base on rule-based method or if-then that is compatible with the problem domain. The classified knowledges (fig.1) represented in the knowledge base of ENFD systems as rules. The studies in the computer network problem show that more problems relevant to fault of configuration and firewall. About %25 to %30 of problem relevant to hardware problem so rule of this category placed at the beginning of the ENFD knowledge base for increasing the speed of inference. With this perspective we order the designed rules as firewall, client, network hardware and server. An example of this type of rules and solutions is as below. Rule 1: if ping_local is no Then NIint_problem is NIC. Rule 2: if NIint_problem is NIC and database_slow is yes Then network_problem is NICone. If output network_problem is NICone: go to NIC>Configuration>Power Management, clear Allow the computer to turn off this device to save power.

2.3 Operation of ENFD system

A prototype of ENFD system implement with version 3.2.5 of Amzi prolog programming language [10, 11]. (Fig 3)

Fig. 3. ENFD system

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 11, NOVEMBER 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING WWW.JOURNALOFCOMPUTING.ORG

98

The ENFD Commands are exit, how, trace on/off, list, load, restart and consult. Since the ENFD system has been designed as a shell, the system loads the knowledges of knowledge base which user tell the path of its file. (Fig 4)

Fig. 4. Load command

Fig. 6. Trace command

Consult command activate inference engine and according with the answers to questions requested, the problem occurred in computer network is detected and inform to user. (Fig 5)

Fig. 7. Why command

Fig. 5. Consult command

Restart command provide reconsultation without exit of the system. The Explanation feature of ENFD system is activated by trace on/off, why and how commands. A rule traces which reports on the progress of a consultation. Fig 6 shows how the user turns on tracing for consultation and the results. It shows the sequence of rule firings as they are expected. Explanation of why the system is asking a question. Fig 7. Shows how the user would ask why and get the inference chain that led to the question. Explanation of how the system reached a given conclusion. The how explanations start with answers. The user wants to know how this result was derived. In this case the rule(s) which directly supported the result are listed. (Fig 8)

Fig. 8. How command

The list command shows the existing facts of ENFD system. (Fig 9)

Fig. 9. List command

JOURNAL OF COMPUTING, VOLUME 3, ISSUE 11, NOVEMBER 2011, ISSN 2151-9617 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING WWW.JOURNALOFCOMPUTING.ORG

99

Exit command is designed for exit of ENFD system.

CONCLUSION

The knowledge of proposed ENFD system is based on several experts knowledge which increases the reliability, accuracy and performance of system. The system is able to detect the computer network fault (software and hardware) and offer appropriate solution for recovering the problem when the network expert is not available. Many researchers have been worked on prediction of problem and inform the network administrator for repairing it. A prototype of ENFD system has been designed as shell with prolog programming language and can be used as intelligent tool for detecting and solving the network computer fault in any organization. The system is independent of network topology. The ENFD system will detect the most hardware and software problems using decision tree faster than existing systems based on its problem classification. The system is ability to explain their behavior.

and integrated system of network fault management: artificial intelligence technologies hybrid architectures, International Conference on Information Engineering, pp. 265-268, 2002. [9] J. S. Bennett and C. R. Hollander, DART: An expert for computer fault diagnosis, 7th IJCAI, pp. 843-845, 1981. [10] D. Merritt, Building Expert Systems in Prolog, Amzi! inc., 1967. [11] R. P. suri, Introduction to prolog, Alphascience, 2007. [12] Kevin Wallace, CCNP TSHOOT 642-832, Cisco Press, pp. 31-38, 2010. Effat mirzaei received the M.S. degree in computer engineering from Islamic Azad University (IAU), North Tehran Branch at Tehran, and the B.S. degree in computer engineering from Shariati University at Tehran. Her research interests include grid computing and expert system. Chitra Dadkhah is an assistant professor in the Computer and Electrical Engineering Department at K.N.Toosi University of Technology, Tehran, Iran. She received the B.S. degree in computer engineering from Shahid Beheshti University, Tehran, Iran in 1990. She received the M.S. in computer engineering (Artificial Intelligence), IASI department, University of Paris 11 (Orsay), France, 1993. She also received the PhD in Computer Engineering (AI), Department of computer & IT, Amirkabir University of Technology (polytechnique), Tehran, Iran, 2005. Her research interest includes soft computing, Expert Systems, Verification & Validation of Knowledge and Knowledge Representation Techniques.

4 FUTURE WORK
To increase the efficiency of ENFD system, we suggest the following features: 1. Considering non deterministic knowledge, unknown value, in the system with fuzzy or probability methods. 2. Adding learning methods to improve the performance of system and update the knowledge of its knowledge base according to the new fault.

REFERENCES
[1] [2] [3] Andrew S. Tanenbaum, Computer networks, Prentice Hall, pp. 10, 27, 35, 2003. James P.Ignizio, Introduction to expert system, McGraw-Hill, Inc1991. K.Selvani Deepthi,D.Srinivasa Rao, T.Naresh Kumar, L.Sugunakar Naidu, Troubleshooting Wireless Mesh Networks using Rule-Based Expert System, International Journal of Electronics & Communication Technology , Vol. 2, Issue 2, pp. 2230-9543, June 2011. I.M. M. El Emary, S. A. Najim, and Musbah Aqel, Towards designing and implementing an expert network to manage the computer communication networks, Journal of Information and Computing Science, Vol. 2, No. 3, 2007, pp. 228-234, 2007. I. M. M. El Emary and A. I. Al Rabia,Fault detection of computer communication networks using an expert system, American Journal of Applied Sciences, pp. 1407-1411, 2005. Y. Yu, Q. Liu, L. Tan, A graph-based proactive fault identification approach in computer networks, Journal of Computer Communications, Vol. 28, pp. 366-378, 2005. M. Strittmatter, "Network troubleshooting expert system", Diploma Thesis, Computer Engineering and Networks Laboratory, Swiss Federal Institute of Technology Zurich 2003. S. Jiang, D. Siboni, A. A. Rhissa, G. Beuchot, An intelligent

[4]

[5]

[6]

[7]

[8]