184 research outputs found
Traffic measurement and analysis
Measurement and analysis of real traffic is important to gain knowledge
about the characteristics of the traffic. Without measurement, it is
impossible to build realistic traffic models. It is recent that data
traffic was found to have self-similar properties. In this thesis work
traffic captured on the network at SICS and on the Supernet, is shown to
have this fractal-like behaviour. The traffic is also examined with
respect to which protocols and packet sizes are present and in what
proportions. In the SICS trace most packets are small, TCP is shown to be
the predominant transport protocol and NNTP the most common application.
In contrast to this, large UDP packets sent between not well-known ports
dominates the Supernet traffic. Finally, characteristics of the client
side of the WWW traffic are examined more closely. In order to extract
useful information from the packet trace, web browsers use of TCP and HTTP
is investigated including new features in HTTP/1.1 such as persistent
connections and pipelining. Empirical probability distributions are
derived describing session lengths, time between user clicks and the
amount of data transferred due to a single user click. These probability
distributions make up a simple model of WWW-sessions
The Dynamics of Internet Traffic: Self-Similarity, Self-Organization, and Complex Phenomena
The Internet is the most complex system ever created in human history.
Therefore, its dynamics and traffic unsurprisingly take on a rich variety of
complex dynamics, self-organization, and other phenomena that have been
researched for years. This paper is a review of the complex dynamics of
Internet traffic. Departing from normal treatises, we will take a view from
both the network engineering and physics perspectives showing the strengths and
weaknesses as well as insights of both. In addition, many less covered
phenomena such as traffic oscillations, large-scale effects of worm traffic,
and comparisons of the Internet and biological models will be covered.Comment: 63 pages, 7 figures, 7 tables, submitted to Advances in Complex
System
Analysis of Ethernet Traffic Statistical Properties
Traffic profile, mainly its self-similarity properties, can have crucial impact on the network performance. In this regard, we evaluate traffic profile of Ethernet traffic. We have performed a measurement of the traffic on Ethernet network. Captured data has been analyzed from the protocol point of view with the stress on the self-similarity, LRD and SRD properties. To evaluate these characteristics, properties of wavelet transform (DWT) are deployed and, based on alpha parameter, scaling property of traffic is estimated. We show that self-similarity is present in analyzed data and that it depends on analyzed time scale and on analyzed protoco
Conversation Exchange Dynamics: A New Signal Primitive for Computer Network Intrusion Detection
As distributed network intrusion detection systems expand
to integrate hundreds and possibly thousands of sensors,
managing and presenting the associated sensor data becomes
an increasingly complex task. Methods of intelligent data
reduction are needed to make sense of the wide dimensional
variations. We present a new signal primitive we call
conversation exchange dynamics (CED) that accentuates
anomalies in traffic flow. This signal provides an aggregated
primitive that may be used by intrusion detection systems to
base detection strategies upon. Indications of the signal in a
variety of simulated and actual anomalous network traffic
from distributed sensor collections are presented.
Specifically, attacks from the MIT Lawrence Livermore IDS data set are considered. We conclude that CED presents a useful signal primitive for assistance in conducting IDS
Network traffic data analysis
The desire to conceptualize network traffic in a prevailing communication network is a facet for many types of network research studies. In this research, real traffic traces collected over trans-Pacific backbone links (the MAWI repository, providing publicly available anonymized traces) are analyzed to study the underlying traffic patterns. All data analysis and visualization is carried out using Matlab (Matlab is a trademark of The Mathworks, Inc.). At packet level, we first measure parameters such as distribution of packet lengths, distribution of protocol types, and then fit following analytical models. Next, the concept of flow is introduced and flow based analysis is studied. We consider flow related parameters such as top ports seen, duration of the flow, distribution of flow lengths, and number of flows with different timeout values and provide analytical models to fit the flow lengths. Further, we study the amount of data flowing between source-destination pairs. Finally, we focus on TCP-specific aspects of captured traces such as retransmissions and packet round-trip times. From the results obtained, we infer the Zipf-type nature of distribution for number of flows, heavy-tailness of flow sizes and the contribution of well-known ports at packet and flow level. Our study helps a network analyst to farther the knowledge and helps optimize the network resources, while performing efficient traffic engineering
- …