A Basic Result on the Superposition of Arrival Processes in Deterministic Networks

Time-Sensitive Networking (TSN) and Deterministic Networking (DetNet) are emerging standards to enable deterministic, delay-critical communication in such networks. This naturally (re-)calls attention to the network calculus theory (NC), since a rich set of results for delay guarantee analysis have already been developed there. One could anticipate an immediate adoption of those existing network calculus results to TSN and DetNet. However, the fundamental difference between the traffic specification adopted in TSN and DetNet and those traffic models in NC makes this difficult, let alone that there is a long-standing open challenge in NC. To address them, this paper considers an arrival time function based max-plus NC traffic model. In particular, for the former, the mapping between the TSN / DetNet and the NC traffic model is proved. For the latter, the superposition property of the arrival time function based NC traffic model is found and proved. Appealingly, the proved superposition property shows a clear analogy with that of a well-known counterpart traffic model in NC. These results help make an important step towards the development of a system theory for delay guarantee analysis of TSN / DetNet networks

SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis

In this paper, we propose a novel approach, called SENATUS, for joint traffic anomaly detection and root-cause analysis. Inspired from the concept of a senate, the key idea of the proposed approach is divided into three stages: election, voting and decision. At the election stage, a small number of \nop{traffic flow sets (termed as senator flows)}senator flows are chosen\nop{, which are used} to represent approximately the total (usually huge) set of traffic flows. In the voting stage, anomaly detection is applied on the senator flows and the detected anomalies are correlated to identify the most possible anomalous time bins. Finally in the decision stage, a machine learning technique is applied to the senator flows of each anomalous time bin to find the root cause of the anomalies. We evaluate SENATUS using traffic traces collected from the Pan European network, GEANT, and compare against another approach which detects anomalies using lossless compression of traffic histograms. We show the effectiveness of SENATUS in diagnosing anomaly types: network scans and DoS/DDoS attacks