On-line Detection of Real Time Multimedia Traffic

Slides:

Advertisements

Similar presentations

KISS: Stochastic Packet Inspection for UDP Traffic Classification

Advertisements

29.1 Chapter 29 Multimedia Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Fast, Memory-Efficient Traffic Estimation by Coincidence Counting Fang Hao 1, Murali Kodialam 1, T. V. Lakshman 1, Hui Zhang 2, 1 Bell Labs, Lucent Technologies.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

1 Estimating Shared Congestion Among Internet Paths Weidong Cui, Sridhar Machiraju Randy H. Katz, Ion Stoica Electrical Engineering and Computer Science.

Multimedia Streaming Gateway With Jitter Detection Siu-Ping Chan, Chi-Wah Kok Albert K. Wong IEEE TRANSACTIONS ON MULTIMEDIA, June 2005.

Ph.D. DefenceUniversity of Alberta1 Approximation Algorithms for Frequency Related Query Processing on Streaming Data Presented by Fan Deng Supervisor:

1 Network Tomography Venkat Padmanabhan Lili Qiu MSR Tab Meeting 22 Oct 2001.

1 End-to-End Detection of Shared Bottlenecks Sridhar Machiraju and Weidong Cui Sahara Winter Retreat 2003.

Fast and Robust Worm Detection Algorithm Tian Bu Aiyou Chen Scott Vander Wiel Thomas Woo bearhsu.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

An Effective Defense Against Spam Laundering Paper by: Mengjun Xie, Heng Yin, Haining Wang Presented at:CCS'06 Presentation by: Devendra Salvi.

Tracking down Traffic Dario Bonfiglio Marco Mellia Michela Meo Nicolo’ Ritacca Dario Rossi.

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Network Planète Chadi Barakat

Traffic Classification through Simple Statistical Fingerprinting M. Crotti, M. Dusi, F. Gringoli, L. Salgarelli ACM SIGCOMM Computer Communication Review,

Revealing Skype Traffic: When Randomness Plays with You D. Bonfiglio 1, M. Mellia 1, M. Meo 1, D. Rossi 2, P. Tofanelli 3 Dipartimento di Elettronica,

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Network and Systems Laboratory nslab.ee.ntu.edu.tw Te-Yuan Huang, Kuan-Ta Chen, Polly Huang Network and Systems Laboratory National Taiwan University Institute.

1 mmdump Reference: “mmdump: A Tool for Monitoring Internet Multimedia Traffic” J. van der Merwe, R. Cceres, Y-H. Chu, C. Sreenan. ACM SIGCOMM Computer.

SIGCOMM 2002 New Directions in Traffic Measurement and Accounting Focusing on the Elephants, Ignoring the Mice Cristian Estan and George Varghese University.

1 7-Oct-15 OSI transport layer CCNA Exploration Semester 1 Chapter 4.

Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College.

TCP/IP Protocol Suite 1 Chapter 25 Upon completion you will be able to: Multimedia Know the characteristics of the 3 types of services Understand the methods.

On the processing time for detection of Skype traffic P.M. Santiago del Río, J. Ramos, J.L. García-Dorado, J. Aracil Universidad Autónoma de Madrid A.

Firewall Fingerprinting Amir R. Khakpour 1, Joshua W. Hulst 1, Zhihui Ge 2, Alex X. Liu 1, Dan Pei 2, Jia Wang 2 1 Michigan State University 2 AT&T Labs.

Copyright © 2003 OPNET Technologies, Inc. Confidential, not for distribution to third parties. Session 1341: Case Studies of Security Studies of Intrusion.

Heuristics to Classify Internet Backbone Traffic based on Connection Patterns Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering.

NDT: Update Duplex Mismatch Detection Rich Carlson Winter Joint Tech February 15, 2005.

The Impact of Active Queue Management on Multimedia Congestion Control Wu-chi Feng Ohio State University.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 28 Multimedia.

Internet Measurment Multimedia 1. Properties Challenges Tools State of the Art 2.

Wireless communications and mobile computing conference, p.p , July 2011.

1 Real-Time Traffic over the IEEE Medium Access Control Layer Tian He.

TCP/IP Protocol Suite 1 Chapter 25 Upon completion you will be able to: Multimedia Know the characteristics of the 3 types of services Understand the methods.

Development of a QoE Model Himadeepa Karlapudi 03/07/03.

Chapter 5 Peer-to-Peer Protocols and Data Link Layer Timing Recovery.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI transport layer CCNA Exploration Semester 1 – Chapter 4.

An Effective Defense Against Spam Laundering Author: Mengjun Xie, Heng Yin, Haining Wang Presented At: CCS’ 06 Prepared By: Amit Shrivastava.

Voice Performance Measurement and related technologies

Chapter 29 Multimedia Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Real-time Streaming Protocol (RTSP)

Signal and Image Processing Lab

Monitoring Persistently Congested Internet Links

Neha Jain Shashwat Yadav

Network Performance and Quality of Service

Empirically Characterizing the Buffer Behaviour of Real Devices

Mrinalini Sawhney CS-710 Presentation 2006/09/12

Monitoring Network Bias

Measuring Service in Multi-Class Networks

Chapter 2 Introduction Application Requirements VS. Transport Services

Chapter 25 Multimedia TCP/IP Protocol Suite

A Framework for Automatic Resource and Accuracy Management in A Cloud Environment Smita Vijayakumar.

Congestion Control, Internet transport protocols: udp

Transport Layer Unit 5.

Internet2 Fall Member Meeting, October 2003

CSE679: Multimedia and Networking

Unknown Malware Detection Using Network Traffic Classification

[Preliminary Simulation Results on Power Saving]

Process-to-Process Delivery:

CIS679: MPEG-2 Review of MPEG-1 MPEG-2 Multimedia and networking.

Pong: Diagnosing Spatio-Temporal Internet Congestion Properties

VoIP—Voice over Internet Protocol

Smita Vijayakumar Qian Zhu Gagan Agrawal

Congestion Control, Internet Transport Protocols: UDP

2019/5/10 A Technique for Classification of VoIP Flows in UDP Media Streams using VoIP Signalling Traffic Author: Tejmani Sinam, Irengbam Tilokchan Singh,

Process-to-Process Delivery: UDP, TCP

Transport Layer Identification of P2P Traffic

Session 20 INST 346 Technologies, Infrastructure and Architecture

Lu Tang , Qun Huang, Patrick P. C. Lee

Presentation transcript:

On-line Detection of Real Time Multimedia Traffic Fang Hao, Murali Kodialam, and T.V. Lakshman Bell Laboratories, Alcatel-Lucent October 16, 2009

Motivation Network operators need tools to manage traffic based on nature of applications Differentiated treatment based on application types QoS provisioning for real-time traffics New network services customized to applications Increasing volume of audio and video traffic demand better monitoring tools Need to detect real-time traffic in real-time VoIP, Internet radio, video conferencing, surveillance, streaming… Challenges: Random ports Streaming using HTTP/HTTPS Data encryption

Problem Definition Source Monitor Assumptions Source: (near) constant packet rate Common reasons: CODEC, output smoothing buffer, … Network is “stable” during detection time (a few seconds) FIFO arrival Bound on network delay jitter Goal: Detect smoothness in packet timing

Inter-packet gap ? EX1 Non real-time Real-time EX2 Arrival time Gap Non real-time Real-time EX2 Stream 1 with gap: 3, 3, 3, 5, 5, 5, … Inter-packet gap may be misleading Smaller variance in inter-packet gap ≠ smoother traffic Strong correlation between consecutive gaps Stream 2 with gap: 3, 5, 3, 5, 3, 5, …

Smoothness Definition Packet arrival time Measures deviation of X from constant rate stream with inter-arrival gap α θ-bounded: If exists α ≥ 0, s.t. S(α, X(k)) ≤ θ for all k = 1, 2, … n Example: constant rate stream is 0-bounded

Detecting smoothness of a stream Given a θ, for each new arrival, calculate upper/lower bound of feasible inter- arrival gap α Track min upper bound & max lower bound upper Arrival Time lower Bound on α Non real-time Packet Index Detection terminates when either No feasible α exists ( non real-time), or Pre-defined detection time is over ( real-time) Algorithm suitable for on-line calculation: only need to track 5 numbers

Inferring Source Stream from Remote Observing Point If observed stream is smooth, then source stream is smooth (with looser bound) S(α,A): smoothness of source stream S(α,T): smoothness of observed stream V(D): network delay jitter bound Proof details in paper

Engineering Twists Multiple thresholds for faster detection time Tighter bound for shorter detection time Well-behaving streams can be detected fast Looser bound for longer detection time Looser bound can be tuned to accommodate border conditions, making detection more robust Allowing detection to reset and restart Irregularity during starting time Signaling messages at beginning may violate constant rate assumption Restart to skip initial unstable period CODEC changes form multiple “lines” (with different α) Restart when new line is detected

Case Study: Skype Detection Methodology Customize the detection algorithm for Skype Setting parameters (bounds) based on trial experiments TCP PUSH flag Mean packet size Estimated α (based on known Skype CODEC) Test false negative – if it is Skype, do we miss it ? Traces from controlled clients (both LAN & WAN setup) Traces from field (one day traffic from access network) Only use Skype VoIP flows that we know for sure based on probe signatures and manual inspection Test false positive – do we take non-Skype as Skype ? Traces collected from internal corporate network Common corporate apps: web client/server, enterprise software, experimental apps No real-time apps during collection

Skype Detection Results Comparison with Naïve Bayesian Classifier (NBC) from Sigcom’07 3 times smaller 2 orders of magnitude smaller Gap (α) Estimate Skype flow detection and CODEC rate estimation: an example CODEC rate: 1pkt/20ms Arrival Time

More Experiment Results Gap (α) Estimate Gap (α) Estimate Arrival Time Arrival Time Internet radio over HTTP 1pkt/140ms VLC UDP Streaming (MPEG4/DivX) 1pkt/7ms Jagged line caused by I-frames

Conclusions To make statistical inference on real-time flows, inter-arrival gap is insufficient Packet arrival time gives more accurate picture Algorithm for detecting flow smoothness Formal analysis Experiments based on field and lab traces Skype Other VoIP app, Internet radio, various streaming apps Future work Hi-def video P2P TV

Backup

Existing methods Signature based detection Carefully inspect/reverse engineer each application: ports, packet content, message sequence, “community behavior”, … Need to diligently follow each application updates Machine learning Based on chosen parameters of flows Lower accuracy; not suitable for on-line detection Statistical model based on inter-packet gap, packet size, and payload randomness for Skype detection (Bonfiglio et al. Sigcomm’07) Issues with packet size Many different sizes to track (depending on codec) Size can be changed by relay nodes