Network Traffic (network + traffic)

Selected Abstracts

An architecture for exploiting multi-core processors to parallelize network intrusion prevention

Robin Sommer
Abstract It is becoming increasingly difficult to implement effective systems for preventing network attacks, due to the combination of the rising sophistication of attacks requiring more complex analyses to detect; the relentless growth in the volume of network traffic that we must analyze; and, critically, the failure in recent years for uniprocessor performance to sustain the exponential gains that for so many years CPUs have enjoyed. For commodity hardware, tomorrow's performance gains will instead come from multi-core architectures in which a whole set of CPUs executes concurrently. Taking advantage of the full power of multi-core processors for network intrusion prevention requires an in-depth approach. In this work we frame an architecture customized for parallel execution of network attack analysis. At the lowest layer of the architecture is an 'Active Network Interface', a custom device based on an inexpensive FPGA platform. The analysis itself is structured as an event-based system, which allows us to find many opportunities for concurrent execution, since events introduce a natural asynchrony into the analysis while still maintaining good cache locality. A preliminary evaluation demonstrates the potential of this architecture. Copyright 2009 John Wiley & Sons, Ltd.

A unifying co-operative web caching architecture

Abdullah Abonamah
Abstract Network caching of objects has become a standard way of reducing network traffic and latency in the web. However, web caches exhibit poor performance with a hit rate of about 30%. A solution to improve this hit rate is to have a group of proxies form a co-operation where objects can be cached for later retrieval. A co-operative cache system includes protocols for hierarchical and transversal caching. The drawback of such a system lies in the resulting network load due to the number of messages that need to be exchanged to locate an object. This paper proposes a new co-operative web caching architecture, which unifies previous methods of web caching. Performance results show that the architecture achieves up to 70% co-operative hit rate and accesses the cached object in at most two hops. Moreover, the architecture is scalable with low traffic and database overhead. Copyright 2002 John Wiley & Sons, Ltd.

Multiplicative multifractal modelling of long-range-dependent network traffic

Jianbo Gao
Abstract We present a multiplicative multifractal process to model traffic which exhibits long-range dependence. Using traffic trace data captured by Bellcore from operations across local and wide area networks, we examine the interarrival time series and the packet length sequences. We also model the frame size sequences of VBR video traffic process. We prove a number of properties of multiplicative multifractal processes that are most relevant to their use as traffic models. In particular, we show these processes to characterize effectively the long-range dependence properties of the measured processes. Furthermore, we consider a single server queueing system which is loaded, on one hand, by the measured processes, and, on the other hand, by our multifractal processes (the latter forming a MFe/MFg/1 queueing system model). In comparing the performance of both systems, we demonstrate our models to effectively track the behaviour exhibited by the system driven by the actual traffic processes. We show the multiplicative multifractal process to be easy to construct. Through parametric dependence on one or two parameters, this model can be calibrated to fit the measured data. We also show that in simulating the packet loss probability, our multifractal traffic model provides a better fit than that obtained by using a fractional Brownian motion model. Copyright 2001 John Wiley & Sons, Ltd.

Distribution-based anomaly detection in 3G mobile networks: from theory to practice

Alessandro D'Alconzo
The design of anomaly detection (AD) methods for network traffic has been intensively investigated by the research community in recent years. However, less attention has been devoted to the issues which eventually arise when deploying such tools in a real operational context. We designed a statistical based change detection algorithm for identifying deviations in distribution time series. The proposed method has been applied to the analysis of a large dataset from an operational 3G mobile network, in the perspective of the adoption of such a tool in production. Our algorithm is designed to cope with the marked non-stationarity and daily/weekly seasonality that characterize the traffic mix in a large public network. Several practical issues emerged during the study, including the need to handle incompleteness of the collected data, the difficulty in drilling down the cause of certain alarms, and the need for human assistance in resetting the algorithm after a persistent change in network configuration (e.g. a capacity upgrade). We report on our practical experience, highlighting the key lessons learned and the hands-on experience gained from such an analysis. Finally, we propose a novel methodology based on semi-synthetic traces for tuning and performance assessment of the proposed AD algorithm. Copyright 2010 John Wiley & Sons, Ltd.