Network Traffic Research Papers - Academia.edu

The authors propose a computationally simple approximate expression for the equivalent capacity or bandwidth requirement of both individual and multiplexed connections, based on their statistical characteristics and the desired grade-of-service (GOS). The purpose of such an expression is to provide a unified metric to represent the effective bandwidth used by connections and the corresponding effective load of network links. These link metrics can then be used for efficient bandwidth management, routing, and call control procedures aimed at optimizing network usage. While the methodology proposed can provide an exact approach to the computation of the equivalent capacity, the associated complexity makes it infeasible for real-time network traffic control applications. Hence, an approximation is required. The validity of the approximation developed is verified by comparison to both exact computations and simulation results.

Data mining and machine learning technology has been extensively applied in network intrusion detection and prevention systems by discovering user behavior patterns from the network traffic data. Some commercial tools for collecting network traffic data exist, such as SNORT. The ...

The growing demand for link bandwidth and node capacity is a frequent phenomenon in IP network backbones. Within this context, traffic prediction is essential for the network operator. Traffic prediction can be undertaken based on link traffic or on origin-destination (OD) traffic which presents better results. This work investigates a methodology for traffic prediction based on multidimensional OD traffic, focusing on the stage of short-term traffic prediction using Principal Components Analysis as a technique for dimensionality reduction and a Local Linear Model based on K-means as a technique for prediction and trend analysis. The results validated with data on a real network present a satisfactory margin of error for use in practical situations.

Currently network uses, especially the number of Internet users, increase rapidly. Also, high quality of service is required and this requirement results in a sudden network traffic increment. As a result, an efficient management system for huge network traffic becomes an important issue. The system entity structure (SES) using data engineering concepts enables network administrators to access traffic data easily and

Microscopic simulation experiments are conducted to investigate traffic behavior in urban networks and support the development of network-level traffic flow relations. Previous use of microscopic traffic simulation has been limited by computational resources to small networks. Supercomputers largely alleviate such limitations and allow more elaborate and realistic simulations of traffic in large networks. This paper provides computational experience in simulating large-scale urban traffic networks on a CRAY supercomputer. In addition to the computational results, the experiments address the effect of intersection traffic control on the two-fluid characterization of vehicular flow in congested networks. Evidence is provided from larger networks that supports conclusions reached in earlier work using smaller test networks.

Mesh networks are candidates to play the role of switched Ethernet LANs over extended areas and with a sensibly higher flexibility. Actually, mesh networks can exploit both Ethernet and wireless technologies, e.g. Wi-Fi and/or free-space optical links, to provide a high degree of redundancy in an access network, and to provide users with powerful means to connect with each other.

Firewalls are core elements in network security. However, managing firewall rules, especially for enterprise networks, has become complex and error-prone. Firewall filtering rules have to be carefully written and organized in order to correctly implement the security policy. In ...

Modeling network traffic is an endeavor actively carried on since early digital communications, supporting a number of practical applications, that range from network planning and provisioning to security. Accordingly, many theoretical and empirical approaches have been proposed in this long-standing research, most notably, Machine Learning (ML) ones. Indeed, recent interest from network equipment vendors is sparking around the evaluation of solid information-theoretical modeling approaches complementary to ML ones, especially applied to new network traffic profiles stemming from the massive diffusion of mobile apps. To cater to these needs, we analyze mobile-app traffic available in the public dataset MIRAGE-2019 adopting two related modeling approaches based on the well-known methodological toolset of Markov models (namely, Markov Chains and Hidden Markov Models). We propose a novel heuristic to reconstruct application-layer messages in the common case of encrypted traffic. We discuss and experimentally evaluate the suitability of the provided modeling approaches for different tasks: characterization of network traffic (at different granularities, such as application, application category, and application version), and prediction of network traffic at both packet and message level. We also compare the results with several ML approaches, showing performance comparable to a state-of-the-art ML predictor (Random Forest Regressor). Also, with this work we provide a viable and theoretically sound traffic-analysis toolset to help improve ML evaluation (and possibly its design), and a sensible and interpretable baseline.

In this paper, in a laboratory environment, the performance of four network traffic generators (Iperf, Netperf, D-ITG and IP Traffic) is compared. Two computers with Windows operating systems were connected via a 100 Mbps link and for various payload sizes, ranging from 128 Bytes to 1408 Bytes, the TCP traffic on the link was measured using the various monitoring tools mentioned above. The results indicate that these tools can produce significantly different results. In the Windows environment, the bandwidth that the tools measure can vary as much as 16.5 Mbps for a TCP connection over a 100 Mbps link. For the same network set up, Iperf measured the highest bandwidth (93.1 Mbps) while IP Traffic the lowest (76.7 Mbps). A comparison of capabilities of traffic generators is also provided.

This paper presents an artificial intelligence based solution, proposed to solve electromagnetic interference problems between high voltage power lines and nearby metallic pipelines, for different construction geometries. The presented artificial intelligence method is a neural network one. Results gained with neural networks are compared to the finite element solutions considered as standard ones.

This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of Information Theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. We propose a distributed active network-based algorithm that exploits this property to correlate arbitrary traffic flows in the network to detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. We implement and investigate the performance of the algorithm in an active network. Our results show that DDoS attacks can be detected in a manner that is not sensitive to legitimate background traffic.

The increasing popularity of web-based applications has led to several critical services being provided over the Internet. This has made it imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper has presented a mechanism for protecting a web-server against a distributed denial of service (DDoS) attack. Incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of co...

Traffic identification and classification are essential tasks performed by Internet Service Provider (ISPs) administrators. Deep Packet Inspection (DPI) is currently playing a key role in traffic identification and classification due to its increased expressive power. To allow fair comparison among different DPI techniques and systems, workload generators should have the following characteristics: (i) synthetic packets with meaningful payloads; (ii) TCP and UDP traffic generation; (iii) a configurable network traffic profile, and (iv) a high-speed sending rate. This paper proposes a workload generator framework which inherits all of the above characteristics. A performance evaluation shows that our flexible workload generator system achieves very high sending rates over a 10Gbps network, using a commodity Linux machine. Additionally, we have configured and tested our workload generator following a real application traffic profile. We then analyzed its results within a DPI system, proving its accuracy and efficiency.

Intrusion detection system (IDS) is an important tool for the defense of a network against attacks. It monitors the activities occurring in a computer system or network and analyzes them for recognizing intrusions to protect the computer network. Most of the existing IDSs use all of the 41 features available in the network packet to analyze and look for intrusive

Notice of Violation of IEEE Publication Principles: "A Dynamic Distributed Diagnosis Algorithm for an Arbitrary Network Topology with Unreliable Nodes and Links," by Pabitra Mohan Khilar and Sudipta Mahapatra, in the Proceedings of the International Conference on Advanced Computing and Communications, 2007. ADCOM, Dec. 2007, pp. 125-130. After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE's Publication Principles. This paper contains significant portions of original text from the paper cited below. The original text was copied without attribution (including appropriate references to the original author(s) and/or paper title) and without permission. Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article: "A Distributed Network Connectivity Algorithm," by E. Procopio Duarte Jr. and A. Weber, The Sixth International Symposium on Autonomous Decentralized Systems, 2003. ISADS 2003, April 2003, pp. 285-292.

This paper presents a distributed network diagnosis (DND) algorithm for an arbitrary network topology where every node needs to record the status of every other nodes and links assuming the nodes and links are subjected to crash and value faults in a dynamic fault environment (the node's or link's status may change during execution of algorithm). The algorithm operates correctly in each connected component if the network is partitioned due to a set of faulty links or faulty nodes. The worst-case bounds for diagnostic latency is at most O(td) rounds where t is the number of dissemination trees and d is the diameter of the network. The proposed approach uses non-broadcasting method of message dissemination that has similar diagnostic latency with flooding [4] and similar message complexity with Chinese Agent [14] method of message dissemination respectively.