Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3."— Presentation transcript:

1 Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3 and Manolis Ploumidis 1,2 1 Department of Computer Science, University of Crete 2 Institute of Computer Science, Foundation for Research and Technology-Hellas 3 Microsoft Research * This work was partially supported by General Secretariat for Research and Technology and by European Commission with a Marie Curie IRG grant COST-TMA: meeting @ Samos, September 22 nd, 23 rd 2008

2 2 Research interests Traffic modeling  Impact of parameters (number of flows, flow inter-arrivals, flow sizes) on accuracy Topology & mobility modeling Traffic forecasting (moving averages, Singular Spectrum Analysis, etc) Client profiling Mobile p2p computing  Data diffusion using realistic mobility models Efficient selection of appropriate network interface/channel based on network conditions/application requirements Efficient distributed monitoring Understanding the impact of network conditions on user experience

3 3 Roadmap Objectives Testbed, data acquisition & preprocessing Data analysis  Aggregate traffic  AP traffic  Client traffic Conclusions Research in progress …

4 4 Objectives Classify flows into application types Identify dominant & popular application types Compare UNC network with other wired & wireless networks Characterize AP & client traffic

5 5 Infrastructure

6 6 Testbed, data acquisition & preprocessing Testbed  488 APs, 382 monitored  6,593 distinct MAC addresses – 9,125 distinct IPs Data acquisition  Packet header traces from egress router  Client SNMP data Data preprocessing  Correlation of packet headers with client SNMP  Classification of flows using BLINC

7 7 Classification with BLINC: heuristics Host behavior (e.g., client-server, collaborative) o Host popularity: number of distinct destination IPs o Clusters of hosts using a collaborative application o Number of source ports Transport layer protocol: TCP vs. UDP Cardinality of sets (ports vs. IPs) Per flow average packet size o Constant in several applications (e.g., malware) “Farms” of services: neighboring IPs Non-payload flows (e.g., attacks)

8 8 Graphlet library

9 9 Dominant application types Application typeFlows(%)Bytes(%)Packets(%) Network Management 9.950.421.54 Chat2.050.481.47 Web35.0657.5946.88 P2P30.0424.8534.46 Online Games1.110.010.07 FTP0.911.571.72 Mail0.070.330.21 AddScan6.40.120.58 PortScan0.390.320.28 Streaming0.10.170.19 Unknown13.214.0912.64

10 10 Popular application types Clients with at least one flow per application type Application typeClients(%) Network Management17 Chat73 Web99 P2P43 Online Games4 Ftp7 Mail1.5 AddScan73 PortScan1.4 Streaming0.5 Unknown84

11 11 Compare with other testbeds Traffic share for most dominant application types Wired & wireless testbeds  UNC wired network  Dartmouth wireless infrastructure  Residential campus % Res. CampusUNC WiredUNC WirelessDartmouth Web37.548.6857.5928.6 P2P31.934.8524.8519.3 may have missed all Web traffic that was not accessed through one of the well-known ports for Web

12 12 Home application type of APs Traffic of this application type > than x% of total AP traffic  Web most prevalent home application type xWeb(%)P2P(%)Ftp(%)Mail(%)Unkn 5085.96.170.2804.2 7555.80.28000.84 9025.20.28000

13 13 Client traffic characterization Client home application: Application type of which this clients transfer >X% of their traffic Clients have strong application preferences  ~ 50% of clients have home application type (for X=90)  Web: most prevalent home application type Clients with no home application are dominated by Web Only a minority of clients have P2P as dominant application

14 14 Wireless traffic load Wide range of workloads & log normality is prevalent  Light traffic load but with long tails Dichotomy among APs:  APs dominated by uploaders  APs dominated by downloaders Majority of APs send & receive packets of small size Significant number of APs with asymmetric packet sizes:  APs with large sent & small receive packets  APs with small sent & large receive packets

15 15 Application-based characterization Most popular applications  Web browsing & p2p accounting ~81% of total traffic  These applications dominate most users and APs  Web dominates both AP & client traffic share Network management & scanning activity ~17% of total flows Application-mix varies within APs of same building Wireless clients with strong application-type interests File transfer flows (e.g., ftp, p2p) are heavier in wired network than in wireless one Flow sizes per application type  Different between wired & wireless network

16 16 In progress … Focus on applications with real-time constraints  Impact of “extreme” network conditions on performance & user satisfaction Statistical analysis for client profiles  Comparable analysis with other wireless networks

17 17 UNC/FORTH Web Archive Online repository of  Wireless measurement traces Packet header, SNMP, SYSLOG, signal quality  Models  Tools http://netserver.ics.forth.gr/datatraces  Login/ password access after free registration Maria Papadopouli mgp@ics.forth.grmgp@ics.forth.gr

18 18 Total network traffic across APs

19 19 Application traffic share across APs

20 20 Traffic asymmetry (2/2)

21 21 BLINC BLINd Classification  Flows in application types Focus on end hosts rather than on flow 3-level host behavior analysis  Social  Functional  Application Application signature based classification Accurate flows classification

22 22 Heuristics (2/2) 1. Community heuristic Farms of services in neighboring IPs 2. Recursive detection Interaction between servers Mail with Razor servers

23 23 Application level Transport layer interaction between hosts Based on TCP 4-tuple Empirically derived signatures – graphlets  Nodes: Src,Dst IP & Src,Dst Port  Edges: Flows through this TCP-tuple  Protocol type Host behavior against graphlet library

24 24 Bldg level application usage patterns % of APs with home application type / bldg type  Weak correlation between building category & # of APs with home application  Distinct APs different configurations Uneven traffic distribution across APs of same bldg  APs dominated by Web, P2P, or unknown traffic

25 25 Conclusions Three-level characterization of large scale infrastructure  Support admission control & AP selection mechanisms  Indicate user trends  Assist application specific traffic modeling Web dominates both AP & client traffic share P2P systems bear a significant impact Clients have strong application preferences

26 26 Heuristics used in classification 1. Transport layer protocol: TCP vs. UDP 2. Cardinality of sets Ports vs. IPs Constant in several applications (e.g., malware) 3. Community heuristic Farms of services in neighboring IPs 4. Non-payload flows (e.g., attacks )

27 27 Attack graphlets Address-Scan attack Address-Scan attack for specific IP set Port-scan attack

28 28 P2P Graphlets

29 29 Traffic asymmetry (1/2) Asymmetry index = total downloaded / total uploaded traffic Certain APs dominated by uploaders Asymmetry index / application type  Asymmetry index for P2P traffic < 1 for 40% of APs

30 30 Flow sizes per application type

31 31 Wireless user application preferences Similar between wireless & wired users Flow sizes / application type  Different between wired & wireless network Possible reasons  Application dependent  User-driven

Download ppt "Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3."

Similar presentations

Preference-based Mobility Model and the Case for Congestion Relief in WLANs using Ad hoc Networks Wei-jen Hsu, Kashyap Merchant, Haw-wei Shu, Chih-hsin.

Preference-based Mobility Model and the Case for Congestion Relief in WLANs using Ad hoc Networks Wei-jen Hsu, Kashyap Merchant, Haw-wei Shu, Chih-hsin.
On Scalable Measurement-driven Modeling of Traffic Demand in Large WLANs 1 Foundation for Research & Technology-Hellas (FORTH) & University of Crete 2.

On Scalable Measurement-driven Modeling of Traffic Demand in Large WLANs 1 Foundation for Research & Technology-Hellas (FORTH) & University of Crete 2.
Network Services Networking for Home & Small Business.

Network Services Networking for Home & Small Business.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
IEEE PIMRC 2005 1 A Comparative Measurement Study of the Workload of Wireless Access Points in Campus Networks Maria Papadopouli Assistant Professor Department.

IEEE PIMRC A Comparative Measurement Study of the Workload of Wireless Access Points in Campus Networks Maria Papadopouli Assistant Professor Department.
Accurate & scalable models for wireless traffic workload Assistant Professor Department of Computer Science, University of Crete & Institute of Computer.

Accurate & scalable models for wireless traffic workload Assistant Professor Department of Computer Science, University of Crete & Institute of Computer.
1 William Lee Duke University Department of Electrical and Computer Engineering Durham, NC 27708 Analysis of a Campus-wide Wireless Network February 13,

1 William Lee Duke University Department of Electrical and Computer Engineering Durham, NC Analysis of a Campus-wide Wireless Network February 13,
1 Empirical-based Analysis of a Cooperative Location-Sensing System 1 Institute of Computer Science, Foundation for Research & Technology-Hellas (FORTH)

1 Empirical-based Analysis of a Cooperative Location-Sensing System 1 Institute of Computer Science, Foundation for Research & Technology-Hellas (FORTH)
1 Network Traffic Measurement and Modeling Carey Williamson Department of Computer Science University of Calgary.

1 Network Traffic Measurement and Modeling Carey Williamson Department of Computer Science University of Calgary.
IFIP Performance 20071 Remote Analysis of a Distributed WLAN using Passive Wireless-side Measurement Aniket Mahanti Carey Williamson Martin Arlitt University.

IFIP Performance Remote Analysis of a Distributed WLAN using Passive Wireless-side Measurement Aniket Mahanti Carey Williamson Martin Arlitt University.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.

CLIENT / SERVER ARCHITECTURE AYRİS UYGUR & NİLÜFER ÇANGA.
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
UNC/FORTH Archive of Wireless Traces, Models and Tools 1 Foundation for Research & Technology-Hellas (FORTH) & University of Crete 2 University of North.

UNC/FORTH Archive of Wireless Traces, Models and Tools 1 Foundation for Research & Technology-Hellas (FORTH) & University of Crete 2 University of North.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 Network Traffic Measurement A focus of networking research for 20+ years Collect.

Copyright © 2005 Department of Computer Science CPSC 641 Winter Network Traffic Measurement A focus of networking research for 20+ years Collect.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Similar presentations

Ads by Google