Spectral Analysis of Bottleneck Traffic

Spectral Analysis of Bottleneck Traffic

He, Xinming and Papadopoulos, Christos and Heidemann, John and Mitra, Urbashi and Riaz, Usman and Hussain, Alefiya
USC/Information Sciences Institute

Xinming He, Christos Papadopoulos, John Heidemann, Urbashi Mitra, Usman Riaz and Alefiya Hussain 2005. Spectral Analysis of Bottleneck Traffic. Technical Report USC-CSD-TR-05-854. University of Southern California Computer Science Department.

Abstract

Internet traffic contains a rich set of periodic patterns imposed by various processes. Examples include back-to-back packet transmissions on bottleneck links, periodic routing information exchange, transport layer effects such as TCP windowing behavior, and application layer effects such as misconfigured DNS clients. Analyzing such periodic patterns has wide applications, including a better understanding of network traffic dynamics, diagnosis of network anomalies, and detection of DDos attacks. However, current understanding of periodic behavior in aggregate traffic is quite limited. Many previous approaches often analyze traffic on a per-flow basis, and do not scale well to analyze high speed network traffic. This paper explores the application of spectral techniques to analyze network traffic. We propose an experimental methodol- ogy to guide the application, and as a case study, we use this methodology to analyze the spectral characteristics imposed by bottleneck links on aggregate traffic. In our approach, we passively gather packet traces from the network and then apply spectral techniques to extract periodic patterns embedded in the trace, particularly the regularities imposed by various bottleneck links. Unlike techniques utilizing packet inter-arrival time, our approach does not require flow separation or grouping. The only information required is the packet arrival time. Our experiments show that bottleneck links impose distinct signatures on the underlying traffic, and these signatures can be detected by a downstream monitoring point. We introduce four non-parametric algorithms based on the Bayes Maximum-likelihood Classifier to detect bottleneck flows inside the aggregate, and evaluate their performance using real Internet traffic. As our future work, we plan to design parametric detection algorithms for better performance, and apply the methodology to study other periodic network phenomena.

Reference

@techreport{He05a,
  title = {Spectral Analysis of Bottleneck Traffic},
  author = {He, Xinming and Papadopoulos, Christos and Heidemann, John and Mitra, Urbashi and Riaz, Usman and Hussain, Alefiya},
  institution = {University of Southern California Computer Science Department},
  year = {2005},
  sortdate = {2005-05-01},
  project = {ant, madcat, nocredit},
  jsubject = {spectral_network},
  number = {USC-CSD-TR-05-854},
  month = may,
  location = {johnh: pafile},
  keywords = {spectral analysis, quals proposal},
  url = {http://www.isi.edu/%7ejohnh/PAPERS/He05a.html},
  pdfurl = {http://www.isi.edu/%7ejohnh/PAPERS/He05a.pdf},
  myorganization = {USC/Information Sciences Institute}
}