Passive traffic characterization and analysis in heterogeneous IP networks

In this thesis we revisit a handful of well-known experiments, using modern tools, to see if results yielded from earlier experiments are valid for today’s heterogeneous networks. The traffic properties we look at are relevant for designing and optimizing network equipment, such as routers and switches, and when building corporate networks. We have looked at the characteristics of two different heterogeneous networks; a university network, and an ISP network. We have captured traffic from different weeks, and at different times of the day. We first describe the challenges involved with collecting, processing and analyzing traffic traces from high-speed networks. Then we then look at the various factors that contribute to uncertainty in such measurements, and we try to deduct these factors. The experiments involve collection and analysis of high-resolution traffic traces fromtwo operative networks, each ofwhich contains several gigabytes of network traffic data. We look at properties such as: Packet inter-arrival time distributions, packet size distributions, modeling packet arrivals (self-similarity versus Poisson), traffic per application (egress traffic per destination port), and protocol distributions. A simplistic attempt to quantify the volume of Peer-to-Peer (P2P) traffic inspecting both header data and payload is conducted to evaluate the efficiency of today’s methodology for identification (port numbers only). We have used freely available tools like TCPDump, Ethereal, TEthereal, Ntop, and especially the CAIDA CoralReef suite. The shortcomings of these tools for particular tasks have been compensated for by writing custom-made Perl scripts, proving that it is possible to do advanced analysis with fairly simple means. Our results reveal that there are in fact measurable differences in terms of packet inter-arrival time distributions and statistical properties in the two networks. We also find significant differences in the application distribution, and the deployment of new technologies such as Multicast.Master i nettverks- og systemadministrasjo

TAMC: Traffic Analysis Measurement and Classification Using Hadoop MapReduce

Due to growth in Internet users and bandwidth-hungry applications; the amount of Internet traffic data generated is so huge. It requires scalable tools to analyze, measure, and classify this traffic data. Traditional tools fail to do this task due to their limited computational capacity and storage capacity. Hadoop is a distributed framework which performs this task in very efficient manner. Hadoop mainly runs on commodity hardware with distributed storage and process this huge amount of traffic data with a Map-Reduce programming model. We have implemented Hadoop-based TAMC tool which perform Traffic Analysis, Measurement, and Classification with respect to various parameters at packet and flow level. The results can be used by Network Administrator and ISP’s for various usages. DOI: 10.17762/ijritcc2321-8169.15013

A publish-subscribe implementation of network management

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Cataloged from student-submitted PDF version of thesis.Includes bibliographical references (pages 75-77).As modern networks become highly integrated, heterogeneous, and experience exponential growth, the task of network management becomes increasingly unmanageable for network administrators and designers. The Knowledge Plane (KP) is designed to support a self-managing network, given the organizational constraints of network management, as well as to create synergy and exploit commonality among network applications. In this thesis, to build an Information Plane that is suitable to the requirements of the KP, we propose a publish/subscribe system that provides a clear and systematic framework for resolving tussles in the network. To evaluate the eectiveness of this design, we configured a network of PlanetLab nodes and conducted experiments involving a variety of le sizes and source-destination pairs. The results suggest that the system's performance is not only comparable to existing le transfer services, but that the system also introduces several performance gains that are unattainable with current network architectures.by Jorge D. Simosa.M. Eng

A Publish-Subscribe Implementation of Network Management

MEng thesisAs modern networks become highly integrated, heterogeneous, and experience exponential growth, the task of network management becomes increasingly unmanageable for network administrators and designers. The Knowledge Plane (KP) is designed to support a self-managing network, given the organizational constraints of network management, as well as to create synergy and exploit commonality among network applications. In this thesis, to build an Information Plane that is suitable to the requirements of the KP, we propose a publish/subscribe system that provides a clear and systematic framework for resolving tussles in the network. To evaluate the effectiveness of this design, we configured a network of PlanetLab nodes and conducted experiments involving a variety of file sizes and source-destination pairs. The results suggest that the system's performance is not only comparable to existing file transfer services, but that the system also introduces several performance gains that are unattainable with current network architectures

Automatic Discovery of Network Applications: A hybrid Approach

I attended the Canadian AI conference between May 30, 2010 – June 2, 2010. On May 30, 2010, I jointly with Marina Sokolova from the Children Hospital of Eastern Ontario, co-chaired the Canadian AI graduate students symposium. The symposium had originally attracted about 23 submissions and had an acceptance rate of around 25%. There were about 30 participants from around Canada along with 5 professor panelists and 2 researchers from industry. The organization of this symposium both from an academic perspective and also logistics was done by myself and Marina. The symposium was a great success in terms of both the number of attendance and the quality of the work presented at the symposium. On the May 31, 2010, I presented my paper titled “Automatic Discovery of Network Applications: A hybrid Approach”. There were interesting issues raised during the Q&A period that can lead to the betterment of the work in the future including how the network packets were labeled before they were used in the classification algorithm and also about the possible applications of our work for network planning and alert correlation.Automatic discovery of network applications is a very challenging task which has received a lot of attentions due to its importance in many areas such as network security, QoS provisioning, and network management. In this paper, we propose an online hybrid mechanism for the classification of network flows, in which we employ a signature-based classifier in the first level, and then using the weighted unigram model we improve the performance of the system by labeling the unknown portion. Our evaluation on two real networks shows between 5% and 9% performance improvement applying the genetic algorithm based scheme to find the appropriate weights for the unigram model