Robust control tools for traffic monitoring in TCP/AQM networks

Several studies have considered control theory tools for traffic control in communication networks, as for example the congestion control issue in IP (Internet Protocol) routers. In this paper, we propose to design a linear observer for time-delay systems to address the traffic monitoring issue in TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due to several propagation delays and the queueing delay, the set TCP/AQM is modeled as a multiple delayed system of a particular form. Hence, appropriate robust control tools as quadratic separation are adopted to construct a delay dependent observer for TCP flows estimation. Note that, the developed mechanism enables also the anomaly detection issue for a class of DoS (Denial of Service) attacks. At last, simulations via the network simulator NS-2 and an emulation experiment validate the proposed methodology

Mathematics in Internet Traffic Data Analysis

The Internet traffic data have been found to possess extreme variability and bursty structures in a wide range of time-scales, so that there is no definite duration of busy or silent periods. But there is a self-similarity for which it is possible to characterize the data. The self-similar nature was first proposed by Leland et a1 [l] and subsequently established by others in a flood of research works on the subject [2]-[5]. It was then a new concept against the long believed idea of Poisson traffic. The traditional Poison model, a short ranged process, assumed the variation of data flow to be finite but the observations on Internet traffic proved otherwise. It is this large variance that leads to the self-similar nature of the data almost at all scales of resolution. Such a feature is always associated with a fractal structure of the data. The fractal characteristics can exist both in temporal and spatial scales. This was indicated by Willinger and Paxson [6], as due to the extreme variability and long range dependence in the process. Presently, one of the main research interests in the field of Internet traffic is that of prediction of data which will help a network manager to render a satisfactory quality of service. Before preparing a model of prediction, one of the important tasks is to determine its statistics. Any model to predict the future values will have to preserve these characteristics

Chaos theory based detection against network mimicking DDoS attacks

DDoS attack traffic is difficult to differentiate from legitimate network traffic during transit from the attacker, or zombies, to the victim. In this paper, we use the theory of network self-similarity to differentiate DDoS flooding attack traffic from legitimate self-similar traffic in the network. We observed that DDoS traffic causes a strange attractor to develop in the pattern of network traffic. From this observation, we developed a neural network detector trained by our DDoS prediction algorithm. Our preliminary experiments and analysis indicate that our proposed chaotic model can accurately and effectively detect DDoS attack traffic. Our approach has the potential to not only detect attack traffic during transit, but to also filter it.<br /

A Survey of Performance Evaluation and Control for Self-Similar Network Traffic

This paper surveys techniques for the recognition and treatment of self-similar network or internetwork traffic. Various researchers have reported traffic measurements that demonstrate considerable burstiness on a range of time scales with properties of self-similarity. Rapid technological development has widened the scope of network and Internet applications and, in turn, increased traffic volume. The exponential growth of the number of servers, as well as the number of users, causes Internet performance to be problematic as a result of the significant impact that long-range dependent traffic has on buffer requirements. Consequently, accurate and reliable measurement, analysis and control of Internet traffic are vital. The most significant techniques for performance evaluation include theoretical analysis, simulation, and empirical study based on measurement. In this research, we discuss existing and recent developments in performance evaluation and control tools used in network traffic engineering

Robustness of HEAF(2) for Estimating the Intensity of Long-Range Dependent Network Traffic

The intensity of Long-Range Dependence (LRD) for communications network traffic can be measured using the Hurst parameter. LRD characteristics in computer networks, however, present a fundamentally different set of problems in research towards the future of network design. There are various estimators of the Hurst parameter, which differ in the reliability of their results. Getting robust and reliable estimators can help to improve traffic characterization, performance modelling, planning and engineering of real networks. Earlier research [1] introduced an estimator called the Hurst Exponent from the Autocorrelation Function (HEAF) and it was shown why lag 2 in HEAF (i.e. HEAF (2)) is considered when estimating LRD of network traffic. This paper considers the robustness of HEAF(2) when estimating the Hurst parameter of data traffic (e.g. packet sequences) with outliers

CoLoRaDe: A Novel Algorithm for Controlling Long-Range Dependent Network Traffic

Long-range dependence characteristics have been observed in many natural or physical phenomena. In particular, a significant impact on data network performance has been shown in several papers. Congested Internet situations, where TCP/IP buffers start to fill, show long-range dependent (LRD) self-similar chaotic behaviour. The exponential growth of the number of servers, as well as the number of users, causes the performance of the Internet to be problematic since the LRD traffic has a significant impact on the buffer requirements. The Internet is a large-scale, wide-area network for which the importance of measurement and analysis of traffic is vital. The intensity of the long-range dependence (LRD) of communications network traffic can be measured using the Hurst parameter. A variety of techniques (such as R/S analysis, aggregated variance-time analysis, periodogram analysis, Whittle estimator, Higuchi's method, wavelet-based estimator, absolute moment method, etc.) exist for estimating Hurst exponent but the accuracy of the estimation is still a complicated and controversial issue. Earlier research (Rezaul et al., 2006) introduced a novel estimator called the Hurst exponent from the autocorrelation function (HEAF) and it was shown why lag 2 in HEAF (i.e. HEAF (2)) is considered when estimating LRD of network traffic. HEAF estimates H by a process which is simple, quick and reliable. In this research we extend these concepts by introducing a novel algorithm for controlling the long-range dependence of network traffic, named CoLoRaDe which is shown to reduce the LRD of packet sequences at the router buffer