Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagiannis 3.

Presentation transcript:

Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network
Maria Papadopouli 1,2
Joint Research with Thomas Karagiannis 3 and Manolis Ploumidis 1,2
1 Department of Computer Science, University of Crete
2 Institute of Computer Science, Foundation for Research and Technology-Hellas
3 Microsoft Research
* This work was partially supported by General Secretariat for Research and Technology and by European Commission with a Marie Curie IRG grant
COST-TMA: Samos, September 22nd, 23rd 2008

2 Research interests
- Traffic modeling
  - Impact of parameters (number of flows, flow inter-arrivals, flow sizes) on accuracy
- Topology & mobility modeling
- Traffic forecasting (moving averages, Singular Spectrum Analysis, etc)
- Client profiling
- Mobile p2p computing
  - Data diffusion using realistic mobility models
- Efficient selection of appropriate network interface/channel based on network conditions/application requirements
- Efficient distributed monitoring
- Understanding the impact of network conditions on user experience

3 Roadmap
- Objectives
- Testbed, data acquisition & preprocessing
- Data analysis
  - Aggregate traffic
  - AP traffic
  - Client traffic
- Conclusions
- Research in progress …

4 Objectives
- Classify flows into application types
- Identify dominant & popular application types
- Compare UNC network with other wired & wireless networks
- Characterize AP & client traffic

5 Infrastructure

6 Testbed, data acquisition & preprocessing
- Testbed
  - 488 APs, 382 monitored
  - 6,593 distinct MAC addresses – 9,125 distinct IPs
- Data acquisition
  - Packet header traces from egress router
  - Client SNMP data
- Data preprocessing
  - Correlation of packet headers with client SNMP
  - Classification of flows using BLINC

7 Classification with BLINC: heuristics
- Host behavior (e.g., client-server, collaborative)
  - Host popularity: number of distinct destination IPs
  - Clusters of hosts using a collaborative application
  - Number of source ports
- Transport layer protocol: TCP vs. UDP
- Cardinality of sets (ports vs. IPs)
- Per flow average packet size
  - Constant in several applications (e.g., malware)
- “Farms” of services: neighboring IPs
- Non-payload flows (e.g., attacks)

8 Graphlet library

9 Dominant application types
Table columns: Application type, Flows (%), Bytes (%), Packets (%)
Table rows: Network Management, Chat, Web, P2P, Online Games, FTP, Mail, AddScan, PortScan, Streaming, Unknown

10 Popular application types
Clients with at least one flow per application type

Application type      Clients (%)
Network Management    17
Chat                  73
Web                   99
P2P                   43
Online Games          4
Ftp                   7
Mail                  1.5
AddScan               73
PortScan              1.4
Streaming             0.5
Unknown               84

11 Compare with other testbeds
- Traffic share for most dominant application types
- Wired & wireless testbeds
  - UNC wired network
  - Dartmouth wireless infrastructure
  - Residential campus
Table columns (%): Res. Campus, UNC Wired, UNC Wireless, Dartmouth
Table rows: Web, P2P
may have missed all Web traffic that was not accessed through one of the well-known ports for Web

12 Home application type of APs
- Traffic of this application type > x% of total AP traffic
  - Web most prevalent home application type
Table columns: x, Web(%), P2P(%), Ftp(%), Mail(%), Unkn

13 Client traffic characterization
- Client home application: application type for which a client transfers >X% of its traffic
- Clients have strong application preferences
  - ~ 50% of clients have home application type (for X=90)
  - Web: most prevalent home application type
- Clients with no home application are dominated by Web
- Only a minority of clients have P2P as dominant application

14 Wireless traffic load
- Wide range of workloads & log normality is prevalent
  - Light traffic load but with long tails
- Dichotomy among APs:
  - APs dominated by uploaders
  - APs dominated by downloaders
- Majority of APs send & receive packets of small size
- Significant number of APs with asymmetric packet sizes:
  - APs with large sent & small receive packets
  - APs with small sent & large receive packets

15 Application-based characterization
- Most popular applications
  - Web browsing & p2p accounting ~81% of total traffic
  - These applications dominate most users and APs
  - Web dominates both AP & client traffic share
- Network management & scanning activity ~17% of total flows
- Application-mix varies within APs of same building
- Wireless clients with strong application-type interests
- File transfer flows (e.g., ftp, p2p) are heavier in wired network than in wireless one
- Flow sizes per application type
  - Different between wired & wireless network

16 In progress …
- Focus on applications with real-time constraints
  - Impact of “extreme” network conditions on performance & user satisfaction
- Statistical analysis for client profiles
  - Comparable analysis with other wireless networks

17 UNC/FORTH Web Archive
- Online repository of
  - Wireless measurement traces: packet header, SNMP, SYSLOG, signal quality
  - Models
  - Tools
  - Login/password access after free registration
Maria Papadopouli

18 Total network traffic across APs

19 Application traffic share across APs

20 Traffic asymmetry (2/2)

21 BLINC
- BLINd Classification
  - Flows in application types
- Focus on end hosts rather than on flow
- 3-level host behavior analysis
  - Social
  - Functional
  - Application
- Application signature based classification
- Accurate flow classification

22 Heuristics (2/2)
1. Community heuristic
   - Farms of services in neighboring IPs
2. Recursive detection
   - Interaction between servers
   - Mail with Razor servers

23 Application level
- Transport layer interaction between hosts
- Based on TCP 4-tuple
- Empirically derived signatures – graphlets
  - Nodes: Src, Dst IP & Src, Dst Port
  - Edges: Flows through this TCP-tuple
  - Protocol type
- Host behavior against graphlet library

24 Bldg level application usage patterns
- % of APs with home application type / bldg type
  - Weak correlation between building category & # of APs with home application
  - Distinct APs different configurations
- Uneven traffic distribution across APs of same bldg
  - APs dominated by Web, P2P, or unknown traffic

25 Conclusions
- Three-level characterization of large scale infrastructure
  - Support admission control & AP selection mechanisms
  - Indicate user trends
  - Assist application specific traffic modeling
- Web dominates both AP & client traffic share
- P2P systems bear a significant impact
- Clients have strong application preferences

26 Heuristics used in classification
1. Transport layer protocol: TCP vs. UDP
2. Cardinality of sets
   - Ports vs. IPs
   - Constant in several applications (e.g., malware)
3. Community heuristic
   - Farms of services in neighboring IPs
4. Non-payload flows (e.g., attacks)

27 Attack graphlets Address-Scan attack Address-Scan attack for specific IP set Port-scan attack
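
A simplified flow-level reading of the cardinality-of-sets and non-payload heuristics (slides 7 and 26) applied to the address-scan and port-scan patterns of slide 27. This is an added example, not BLINC's code and not part of the presentation; the flow records, the tuple layout and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, proto, payload_bytes)
FLOWS = (
    [("10.0.0.5", f"192.0.2.{i}", 22, "tcp", 0) for i in range(1, 41)]      # one port, many IPs
    + [("10.0.0.9", "192.0.2.77", p, "tcp", 0) for p in range(1000, 1040)]  # one IP, many ports
    + [("10.0.0.7", f"198.51.100.{i % 4}", 80, "tcp", 1800 + i) for i in range(12)]  # web client
)

MIN_FANOUT = 20        # assumed threshold: distinct targets before a host is flagged
MIN_EMPTY_SHARE = 0.8  # assumed threshold: share of a host's flows carrying no payload


def classify_sources(flows, min_fanout=MIN_FANOUT, min_empty=MIN_EMPTY_SHARE):
    """Label each source host as 'AddScan', 'PortScan' or 'other'."""
    dst_ips = defaultdict(set)                              # src -> distinct destination IPs
    dst_ports = defaultdict(set)                            # src -> distinct destination ports
    ports_per_dst = defaultdict(lambda: defaultdict(set))   # src -> dst IP -> ports tried
    total = defaultdict(int)
    empty = defaultdict(int)
    for src, dst, dport, _proto, payload in flows:
        dst_ips[src].add(dst)
        dst_ports[src].add(dport)
        ports_per_dst[src][dst].add(dport)
        total[src] += 1
        empty[src] += payload == 0                          # count non-payload flows

    labels = {}
    for src in total:
        non_payload = empty[src] / total[src] >= min_empty
        n_ips, n_ports = len(dst_ips[src]), len(dst_ports[src])
        max_ports_one_dst = max(len(p) for p in ports_per_dst[src].values())
        if non_payload and n_ips >= min_fanout and n_ips > n_ports:
            labels[src] = "AddScan"    # many destination IPs, few destination ports
        elif non_payload and max_ports_one_dst >= min_fanout:
            labels[src] = "PortScan"   # many destination ports on a single IP
        else:
            labels[src] = "other"
    return labels


if __name__ == "__main__":
    for host, label in sorted(classify_sources(FLOWS).items()):
        print(host, label)
```

Requiring both a high fan-out and a high share of non-payload flows keeps a busy Web client, which also touches many destinations, out of the scan classes.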

28 P2P Graphlets

29 Traffic asymmetry (1/2)
- Asymmetry index = total downloaded / total uploaded traffic
- Certain APs dominated by uploaders
- Asymmetry index / application type
  - Asymmetry index for P2P traffic < 1 for 40% of APs

30 Flow sizes per application type

31 Wireless user application preferences
- Similar between wireless & wired users
- Flow sizes / application type
  - Different between wired & wireless network
- Possible reasons
  - Application dependent
  - User-driven