structural analysis of network traffic flows
play

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool - PowerPoint PPT Presentation

Jan 27, 2024 •609 likes •1.09k views

Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft Traditional Network What ISPs Care Traffic Analysis About Focus on Focus on Long,

  1. Structural Analysis of Network Traffic Flows Eric Kolaczyk Anukool Lakhina, Dina Papagiannaki, Mark Crovella, Christophe Diot, and Nina Taft

  2. Traditional Network What ISPs Care Traffic Analysis About • Focus on • Focus on – Long, nonstationary – Short ‘stationary’ timescales timescales – Traffic on all links – Traffic on a single link simultaneously in isolation • Principal goals • Principal results – Capacity planning – Scaling properties – Traffic engineering – Packet delays and losses – Anomaly detection 2

  3. Need for Whole-Network Traffic Analysis • Traffic Engineering: How does traffic move throughout the network? • Anomaly Detection: Which links show unusual traffic? • Capacity planning: How much and where in network to upgrade? 3

  4. This is Complicated! • Measuring and modeling traffic on all links simultaneously is challenging. – Even single link modeling is difficult – 100s of links in large IP networks – High-Dimensional timeseries • Significant correlation in link traffic • Is there a more fundamental representation? 4

  5. Origin-Destination Flows total traffic on the link traffic time • Link traffic arises from the superposition of Origin- Destination (OD) flows • Modeling OD flows instead of link traffic removes a significant source of correlation • A fundamental primitive for whole-network analysis 5

  6. But, This Is Still Complicated • Even more OD flows than links • Still a high dimensional, multivariate timeseries • How do we extract meaning from this high dimensional structure in a systematic manner? 6

  7. High Dimensionality: A General Strategy • Look for good low-dimensional representations • Often a high-dimensional structure can be explained by a small number of independent variables • A commonly used technique: Principal Component Analysis (PCA) (aka KL-Transform, SVD, …) 7

  8. Our work • Measure complete sets of OD flow timeseries from two backbone networks • Use PCA to understand their structure – Decompose OD flows into simpler features – Characterize individual features – Reconstruct OD flows as sum of features • Call this structural analysis 8

  9. Datasets • Abilene : 11 PoPs, 121 OD flows. • Sprint-Europe : 13 PoPs, 169 OD flows. • Collect sampled traffic from every ingress link using NetFlow • Use BGP tables to resolve egress points • Week-long datasets, 5- or 10-minute timesteps 9

  10. Example OD Flows 7 7 6 4 2.5 x 10 5.5 x 10 x 10 x 10 5 3 4.5 5 2 2.5 4 Traffic in Ab. OD Flow 29 Traffic in OD Flow 167 Traffic in OD Flow 96 Traffic in OD Flow 18 3.5 4.5 2 1.5 3 2.5 4 1.5 1 2 1 1.5 3.5 0.5 1 0.5 0.5 3 Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun 7 5 6 4 x 10 x 10 x 10 x 10 8 3 7 6 7 6 2.5 6 Traffic in Ab. OD Flow 27 5 Traffic in Ab. OD Flow 59 Traffic in OD Flow 124 Traffic in OD Flow 111 5 5 4 2 4 4 3 3 3 1.5 2 2 2 1 1 1 1 0 Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun 100 200 300 400 500 600 700 800 900 1000 4 5 x 10 8 7 x 10 x 10 x 10 3.5 3.6 1.35 5 1.3 3.4 3 1.25 3.2 4 2.5 1.2 Traffic in OD Flow 157 Traffic in OD Flow 42 Traffic in OD Flow 131 Traffic in OD Flow 84 3 1.15 2 3 1.1 2.8 1.05 1.5 2.6 2 1 2.4 1 0.95 2.2 1 0.9 0.5 0.85 2 0 0 Mon Tue Wed Thu Fri Sat Sun 100 200 300 400 500 600 700 800 900 1000 Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Some have visible structure, some less so … 10

  11. Specific Questions of Structural Analysis • Are there low dimensional representations for a set of OD flows? • Do OD flows share common features? • What do the features look like? • Can we get a high-level understanding of a set of OD flows in terms of these features? 11

  12. Principal Component Analysis Coordinate transformation method Original Data Transformed Data x1 , x2 u1 , u2 12

  13. Properties of Principle Components • Each PC in the direction of maximum (remaining) energy in the set of OD flows • Ordered by amount of energy they capture • Eigenflow : set of OD flows mapped onto a PC; a common trend • Ordered by most common to least common trend 13

  14. PCA on OD flows # OD pairs # OD pairs # OD pairs # OD pairs time time Eigenflow PC OD flow V: Principal X: OD flow U: Eigenflow matrix matrix matrix X=U Σ V T 14

  15. PCA on OD flows (2) Each eigenflow is a weighted sum of all OD flows Eigenflows are orthonormal = Singular values indicate the ; energy attributable to a principal component Each OD flow is weighted sum of all eigenflows = + + 15

  16. An Example Eigenflow and PC 0.05 Eigenflow 6 0 OD Flow 167 − 0.05 4 x 10 5 4.5 4 Mon Tue Wed Thu Fri Sat Sun Traffic in OD Flow 167 3.5 Time 3 2.5 2 1.5 1 0.5 Mon Tue Wed Thu Fri Sat Sun 0.2 PC − 6 0 OD Flow 94 7 5.5 x 10 − 0.2 5 Traffic in OD Flow 96 4.5 − 0.4 4 20 40 60 80 100 120 140 160 3.5 OD Flow 3 16 Thu Fri Sat Sun Mon Tue Wed

  17. Outline For Rest of Talk • Find intrinsic dimensionality of OD flows • Decompose OD flows Structural • Characterize eigenflows Analysis • Reconstruct OD flows • Potential applications 17

  18. Low Intrinsic Dimensionality of OD Flows 1 Sprint − 1 Abilene 0.9 0.8 Plot of (square root 0.7 of) energy captured Magnitude 0.6 Magnitude by each dimension. 0.5 0.4 0.3 0.2 0.1 20 40 60 80 100 120 140 160 Singular Values Singular Values 18

  19. Approximating With Top 5 Eigenflows 7 x 10 3.5 Original 5 PC 3 Traffic in OD Flow 88 2.5 2 1.5 Mon Tue Wed Thu Fri Sat Sun 19

  20. Approximating With Top 5 Eigenflows 7 x 10 Original 2.5 5 PC 2 Traffic in OD Flow 79 1.5 1 0.5 Mon Tue Wed Thu Fri Sat Sun 20

  21. Approximating With Top 5 Eigenflows 7 x 10 Original 7 5 PC 6 5 Traffic in OD Flow 96 4 3 2 1 21 Mon Tue Wed Thu Fri Sat Sun

  22. Outline • Find intrinsic dimensionality of OD flows • Decompose OD flows Structural • Characterize eigenflows Analysis • Reconstruct OD flows • Potential applications 22

  23. Structure of OD Flows 1 Sprint − 1 Abilene Most OD flows have 0.9 less than 20 significant 0.8 eigenflows 0.7 0.6 Pr[X<x] 0.5 Can think of each OD 0.4 flow as having only a 0.3 small set of “features” 0.2 0.1 0 20 40 60 80 100 120 140 160 Number of Eigenflows in an OD flow 23

  24. Kinds of Eigenflows 0.35 0.08 0.04 0.3 0.06 0.25 0.02 0.04 0.2 0.02 Eigenflow 29 Eigenflow 2 Eigenflow 20 0 0.15 0 0.1 − 0.02 − 0.02 − 0.04 0.05 − 0.04 − 0.06 0 − 0.08 − 0.05 − 0.06 − 0.1 Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Noise Spike Deterministic n-eigenflows s-eigenflows d-eigenflows Roughly stationary Sudden, isolated Predictable (periodic) and Gaussian spikes and drops trends 24

  25. D-eigenflows Have Periodicity 0.038 3.5 0.036 Sprint − 1 Abilene 0.034 3 0.032 Eigenflow 1 0.03 2.5 0.028 FFT Energy 2 0.026 0.024 1.5 0.022 Mon Tue Wed Thu Fri Sat Sun 1 0.5 Power 0 0 6 12 24 36 48 spectrum Hours 25

  26. S-eigenflows Have Spikes Sprint − 1 Eigenflow 8 0.3 0.2 0.1 0 5-sigma Mon Tue Wed Thu Fri Sat Sun threshold Abilene Eigenflow 10 0.05 0 − 0.05 − 0.1 Mon Tue Wed Thu Fri Sat Sun 26

  27. N-eigenflows Are Gaussian 0.1 0.1 0.05 0.08 Eigenflow 39 0 0.06 Quantiles of Input Sample 0.04 − 0.05 0.02 0 − 0.1 − 0.02 Mon Tue Wed Thu Fri Sat Sun − 0.04 − 0.06 Sprint − 1 − 0.08 qq-plot Abilene − 0.1 − 3 − 2 − 1 0 1 2 3 Standard Normal Quantiles 27

  28. 28 But Only Three Basic Types Hundreds of Eigenflows

  29. An OD Flow, Reconstructed 7 x 10 2 Original 1.5 OD flow 1 7 x 10 1.8 d − eigenflows 1.6 1.4 D-components 1.2 1 0.8 0.6 6 x 10 5 s − eigenflows 0 S-components − 5 6 x 10 5 n − eigenflows N-components 0 − 5 Mon Tue Wed Thu Fri Sat Sun 29

  30. Another OD Flow, Reconstructed 7 x 10 6 Original 4 OD flow 2 7 x 10 4 d − eigenflows 2 D-components 0 7 x 10 2 s − eigenflows 0 S-components − 2 7 x 10 2 n − eigenflows 0 N-components − 2 Mon Tue Wed Thu Fri Sat Sun 30

  31. Which Eigenflows Are Most Significant? 1-6: d-eigenflows N n − eigenflow appear to be most S s − eigenflow significant in both networks. D d − eigenflow 0 5 10 15 20 25 30 35 40 45 50 5-10: s-eigenflows Sprint Eigenflows in order are next important. N n − eigenflow 12 and beyond: S s − eigenflow n-eigenflows account D for rest. d − eigenflow 0 10 20 30 40 50 60 70 80 90 Abilene Eigenflows in order 31

  32. Contribution of Eigenflow Types Fraction of total OD flow energy captured by each type of eigenflow 32

  33. Contribution to Each OD Flow (Sprint) Largest OD flows: (Sprint) 0.9 Strong deterministic component. 0.8 0.7 Fraction of Total Energy Smallest OD flows: 0.6 Primarily dominated Deterministic Spike 0.5 Noise by spikes. 0.4 0.3 Regardless of size , 0.2 n-eigenflows account for a fairly constant 0.1 portion. 15 30 45 60 75 90 105 120 135 150 165 OD Flow (large to small) 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Networks and Services Quality of Service (QoS) - Identify traffic flows - Mark

Communication Networks and Services Quality of Service (QoS) - Identify traffic flows - Mark

Communication Networks and Services Quality of Service (QoS) - Identify traffic flows - Mark traffic flows - Police and shape traffic - Apply priority (managed scheduling) 1 Open-Loop Control / QoS Model Network performance is guaranteed to

408 views • 24 slides
Analysis of Communication Patterns in Network Flows to Discover Application Intent Presented by:

Analysis of Communication Patterns in Network Flows to Discover Application Intent Presented by:

Analysis of Communication Patterns in Network Flows to Discover Application Intent Presented by: William H. Turkett, Jr. Department of Computer Science FloCon 2013 | January 9, 2013 Traditional Traffic Classification Techniques Port- and

439 views • 19 slides
Optimisation and Prioritisation of Flows of Air Traffic through an ATM Network SESAR Innovation

Optimisation and Prioritisation of Flows of Air Traffic through an ATM Network SESAR Innovation

Optimisation and Prioritisation of Flows of Air Traffic through an ATM Network SESAR Innovation Days, Braunschweig, November 2012 Hugo de Jonge and Ron Selje, NLR jongehw@nlr.nl Nationaal Lucht- en Ruimtevaartlaboratorium National

883 views • 23 slides
An Analysis of Structural Racism in Traffic Ticketing Patterns in Selected Jurisdictions within

An Analysis of Structural Racism in Traffic Ticketing Patterns in Selected Jurisdictions within

An Analysis of Structural Racism in Traffic Ticketing Patterns in Selected Jurisdictions within Cuyahoga County by Dr. Ronnie A. Dun Chief Diversity Officer/Associate Professor Cleveland State University Structural Racism refers to the many

284 views • 24 slides
Inter-Data-Center Network Traffic Prediction with Elephant Flows Yi Li , Hong Liu , Wenjun

Inter-Data-Center Network Traffic Prediction with Elephant Flows Yi Li , Hong Liu , Wenjun

Inter-Data-Center Network Traffic Prediction with Elephant Flows Yi Li , Hong Liu , Wenjun Yang , Dianming Hu , Wei Xu Institute for Interdisciplinary Information Sciences, Tsinghua University Baidu Inc.

306 views • 17 slides
Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction

Network Traffic Characterization Srinidhi Varadarajan Traffic Analysis: Introduction Youve just invented the greatest protocol does everything including tying your shoelaces. What now? Need to know how it performs. Is it

510 views • 13 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets

Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets Network Traffic Measurement and Analysis Conference (TMA 2018) June 28, 2018 Milan Cermak et al. Institute of Computer Science, Masaryk University, Brno

575 views • 25 slides
Viaduct Road, Brighton Traffic &amp; Road Safety Options Network Function Residential Education

Viaduct Road, Brighton Traffic &amp; Road Safety Options Network Function Residential Education

Viaduct Road, Brighton Traffic &amp; Road Safety Options Network Function Residential Education Fire Service Land Use Functions Church Commercial 11,200 vpd Traffic Flows 30% &gt; 20mph 50% &gt; 30mph Traffic Speeds Reported Collisions

504 views • 15 slides
Network Traffic Analysis &amp; Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis &amp; Cluster Analysis Exploring Hadoop Clusters using Free Tools

Network Traffic Analysis &amp; Cluster Analysis Exploring Hadoop Clusters using Free Tools Background and Goals: Apache Spot was started recently DNS, Netflow, PCAP data is analyzed The goal is to identify: suspicous

644 views • 19 slides
Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network

Trace-Share: Towards Provable Network Traffic Measurement and Analysis Special Session on Network Security at Prague Embedded Systems Workshop (PESW 2019) June 28, 2019 Milan Cermak Institute of Computer Science, Masaryk University, Brno 2 3

440 views • 20 slides
v v 1 3 20 liquids through pipe 16 Vancouver parts through an assembly line s t 10

v v 1 3 20 liquids through pipe 16 Vancouver parts through an assembly line s t 10

4.2 Network Flows A directed graph can model a flow network where some material (e.g., widgets, current, . . . ) is produced or enters the network at Mat 3770 a source and is consumed at a sink . Network Flows Production and consumption

465 views • 11 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
Attribution and Aggregation of Network Flows for Security Analysis Annarita Giani Ian De Souza

Attribution and Aggregation of Network Flows for Security Analysis Annarita Giani Ian De Souza

Attribution and Aggregation of Network Flows for Security Analysis Annarita Giani Ian De Souza Vincent Berk George Cybenko Institute for Security Technology Studies Thayer School of Engineering Dartmouth College Hanover, NH FloCon 2006,

224 views • 21 slides
Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford

Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford

Regional Visualization and Analytics Center Incorporating Network Flows in Intrusion Incident Handling and Analysis John Gerth Stanford University gerth@stanford.edu FloCon 2008 1 EE/CS Network Infrastructure Three buildings with one

349 views • 34 slides
STRUCTURAL CE 382 ANALYSIS Struct Structural Analysis ural Analysis As a structural engineer,

STRUCTURAL CE 382 ANALYSIS Struct Structural Analysis ural Analysis As a structural engineer,

STRUCTURAL CE 382 ANALYSIS Struct Structural Analysis ural Analysis As a structural engineer, you will Blue text is important course be required to make many material material technical decisions about technical decisions about

331 views • 5 slides
GENIUS : A tool for classifying and modelling evolution of urban typologies Marion BONHOMME 1 ,

GENIUS : A tool for classifying and modelling evolution of urban typologies Marion BONHOMME 1 ,

PLEA2012 - 28th Conference, Opportunities, Limits &amp; Needs Towards an environmentally responsible architecture Lima, Per 7-9 November 2012 GENIUS : A tool for classifying and modelling evolution of urban typologies Marion BONHOMME 1 , Hassan

924 views • 6 slides
303(d) Listing Methodology September 25, 2012 Application of the Integrated Impact Analysis Tool

303(d) Listing Methodology September 25, 2012 Application of the Integrated Impact Analysis Tool

303(d) Listing Methodology September 25, 2012 Application of the Integrated Impact Analysis Tool Setting the Stage MMI provides a score to characterize macroinvertebrate health. What does it mean if my segment has a low score? What

625 views • 34 slides
evaluate representativeness of the Dutch monitoring sites Contents Classification of

evaluate representativeness of the Dutch monitoring sites Contents Classification of

National Institute for Public Health and National Institute for Public Health and the Environment the Environment Ministry of Health, Welfare and Sport Ministry of Health, Welfare and Sport PCA (Principal components analysis) to evaluate

180 views • 16 slides
Parallel Clustering of Large Document Collections Xiaohu Li, Deyun Gao, Zheyuan Yu 31 July 2003

Parallel Clustering of Large Document Collections Xiaohu Li, Deyun Gao, Zheyuan Yu 31 July 2003

Parallel Clustering of Large Document Collections Xiaohu Li, Deyun Gao, Zheyuan Yu 31 July 2003 Document clustering is the process of organizing documents into clusters so that Documents within a cluster have high similarity in comparison

800 views • 24 slides
UNDERSTANDING NEUTRON STARS THROUGH GRAVITATIONAL-WAVE OBSERVATIONS Team DEPARTMENT OF

UNDERSTANDING NEUTRON STARS THROUGH GRAVITATIONAL-WAVE OBSERVATIONS Team DEPARTMENT OF

UNDERSTANDING NEUTRON STARS THROUGH GRAVITATIONAL-WAVE OBSERVATIONS Team DEPARTMENT OF PHYSICS ARISTOTLE UNIVERSITY OF THESSALONIKI Giancarlo Cella Nick Stergioulas Andreas Bauswein James Clark Gravitational Wave Detectors

466 views • 22 slides
Machine Learning and Fraud Detection February 2020 Tamsin Crossland Senior Architect

Machine Learning and Fraud Detection February 2020 Tamsin Crossland Senior Architect

Machine Learning and Fraud Detection February 2020 Tamsin Crossland Senior Architect @CrosslandTamsin World Class Payment and Enterprise Solutions for the global financial sector Two main types of article on AI 2 Machine Learning and

840 views • 69 slides
Increasing the Insight from Network Flows - Connecting Science to Operational Reality Grant Babb

Increasing the Insight from Network Flows - Connecting Science to Operational Reality Grant Babb

Increasing the Insight from Network Flows - Connecting Science to Operational Reality Grant Babb Research Scientist Intel Data Center Group Cloud Platforms Objectives The BIG question Why netflows? Why transform them? What

806 views • 19 slides
How does it apply to my project? Guillaume Labilloy Center for Data Solutions 03.03.2020 Agenda

How does it apply to my project? Guillaume Labilloy Center for Data Solutions 03.03.2020 Agenda

Machine Learning, Big Data, AI How does it apply to my project? Guillaume Labilloy Center for Data Solutions 03.03.2020 Agenda ML/AI in research/clinical Brief history of AI and ML Learning techniques and Algorithms Data science

453 views • 16 slides

More recommend