ABSTRACT
The Internet service model emphasizes flexibility -- any node can send any type of traffic at any time. While this design has allowed new applications and usage models to flourish, it also makes the job of network management significantly more challenging. This paper describes a new method of traffic characterization that automatically groups traffic into minimal clusters of conspicuous consumption. Rather than providing a static analysis specialized to capture flows, applications, or network-to-network traffic matrices, our approach dynamically produces hybrid traffic definitions that match the underlying usage. For example, rather than report five hundred small flows, or the amount of TCP traffic to port 80, or the "top ten hosts", our method might reveal that a certain percent of traffic was used by TCP connections between AOL clients and a particular group of Web servers. Similarly, our technique can be used to automatically classify new traffic patterns, such as network worms or peer-to-peer applications, without knowing the structure of such traffic a priori. We describe a series of algorithms for constructing these traffic clusters and minimizing their representation. In addition, we describe the design of our prototype system, AutoFocus, and our experiences using it to discover the dominant and unusual modes of usage on several different production networks.