4,091 research outputs found
Robust control tools for traffic monitoring in TCP/AQM networks
Several studies have considered control theory tools for traffic control in
communication networks, as for example the congestion control issue in IP
(Internet Protocol) routers. In this paper, we propose to design a linear
observer for time-delay systems to address the traffic monitoring issue in
TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due
to several propagation delays and the queueing delay, the set TCP/AQM is
modeled as a multiple delayed system of a particular form. Hence, appropriate
robust control tools as quadratic separation are adopted to construct a delay
dependent observer for TCP flows estimation. Note that, the developed mechanism
enables also the anomaly detection issue for a class of DoS (Denial of Service)
attacks. At last, simulations via the network simulator NS-2 and an emulation
experiment validate the proposed methodology
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Systematic network monitoring can be the cornerstone for
the dependable operation of safety-critical distributed
systems. In this paper, we present our vision for informed
anomaly detection through network monitoring and
resilience measurements to increase the operators'
visibility of ATM communication networks. We raise the
question of how to determine the optimal level of
automation in this safety-critical context, and we present a
novel passive network monitoring system that can reveal
network utilisation trends and traffic patterns in diverse
timescales. Using network measurements, we derive
resilience metrics and visualisations to enhance the
operators' knowledge of the network and traffic behaviour,
and allow for network planning and provisioning based on
informed what-if analysis
NetCluster: a Clustering-Based Framework for Internet Tomography
Abstract â In this paper, Internet data collected via passive measurement are analyzed to obtain localization information on nodes by clustering (i.e., grouping together) nodes that exhibit similar network path properties. Since traditional clustering algorithms fail to correctly identify clusters of homogeneous nodes, we propose a novel framework, named âNetClusterâ, suited to analyze Internet measurement datasets. We show that the proposed framework correctly analyzes synthetically generated traces. Finally, we apply it to real traces collected at the access link of our campus LAN and discuss the network characteristics as seen at the vantage point. I. INTRODUCTION AND MOTIVATIONS The Internet is a complex distributed system which continues to grow and evolve. The unregulated and heterogeneous structure of the current Internet makes it challenging to obtai
No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as his biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
to access the entire traffic, including IP addresses and payloads. This is not
feasible on the grounds that both performance and privacy would be negatively
affected. In reality, most ISPs convert user traffic into NetFlow records for a
concise representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, thus a few IP
addresses may be associated to thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows, with the
intent to track people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis
A Churn for the Better: Localizing Censorship using Network-level Path Churn and Network Tomography
Recent years have seen the Internet become a key vehicle for citizens around
the globe to express political opinions and organize protests. This fact has
not gone unnoticed, with countries around the world repurposing network
management tools (e.g., URL filtering products) and protocols (e.g., BGP, DNS)
for censorship. However, repurposing these products can have unintended
international impact, which we refer to as "censorship leakage". While there
have been anecdotal reports of censorship leakage, there has yet to be a
systematic study of censorship leakage at a global scale. In this paper, we
combine a global censorship measurement platform (ICLab) with a general-purpose
technique -- boolean network tomography -- to identify which AS on a network
path is performing censorship. At a high-level, our approach exploits BGP churn
to narrow down the set of potential censoring ASes by over 95%. We exactly
identify 65 censoring ASes and find that the anomalies introduced by 24 of the
65 censoring ASes have an impact on users located in regions outside the
jurisdiction of the censoring AS, resulting in the leaking of regional
censorship policies
- âŠ