Presentation is loading. Please wait.

Presentation is loading. Please wait.

Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University.

Published byCuthbert Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University."— Presentation transcript:

1 Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University of Technology Göteborg, Sweden

2 2008-02-29Licentiate Seminar Wolfgang John Internet, 1983 Internet, 2005 Why measure Internet traffic? (1) The Internet is changing in size ARPANET, 1969

3 2008-02-29Licentiate Seminar Wolfgang John The Internet is changing in application Why measure Internet traffic? (2)

4 2008-02-29Licentiate Seminar Wolfgang John The Internet –is constantly developing –is used differently in different locations –is heterogeneous The Internet is not understood in its entirety! INTERconnected NETworks Why measure Internet traffic? (3) INTER NET

5 2008-02-29Licentiate Seminar Wolfgang John Operational purpose –Troubleshooting, provisioning, planning …. Scientific purpose –Protocols, infrastructure and services –Performance properties –Internet simulation models –Security measures Why measure Internet traffic? (4)

6 2008-02-29Licentiate Seminar Wolfgang John Thesis Objectives 1.Guidelines for Internet measurement 2.Current traffic characteristics 3.Traffic decomposition 4.Inconsistent behavior

7 2008-02-29Licentiate Seminar Wolfgang John Outline Measurement approaches Internet measurement challenges The MonNet project Scientific contribution Results –Four studies included Conclusions Measurement Analysis

8 2008-02-29Licentiate Seminar Wolfgang John Measurement approaches Network traffic measurement Active Passive Software Hardware Online Offline Flows Packets Complete Headers Different protocol levels Statistical summaries Transport layer

9 2008-02-29Licentiate Seminar Wolfgang John Internet measurement challenges (1) Legal considerations Ethical and moral considerations Operational considerations Technical considerations

10 2008-02-29Licentiate Seminar Wolfgang John Measurement challenges (3) Technical considerations Data amount –Exhausting I/O and storage access speeds Data reduction techniques –Filtering, sampling, packet truncation Timing –Clock synchronization

11 2008-02-29Licentiate Seminar Wolfgang John The MonNet Project (1) Technical Solution 10 Gbps Göteborg splitter Borås 10 Gbps Processing Platform and Storage Measurement Node 2 Measurement Node 1

12 2008-02-29Licentiate Seminar Wolfgang John The MonNet Project (2) Internet Regional ISPs Göteborg Stockholm Other smaller Univ. and Institutes Göteborgs Univ. Student- Net Chalmers Univ. Measurement location Borås April 2006 148 traces (20 minutes) 11 billion packets, 7.6 TB of data Sept. – Nov. 2006 554 traces (10 minutes) 28 billion packets, 19.5 TB of data

13 2008-02-29Licentiate Seminar Wolfgang John Scientific Contribution Level of complexity Quantification of inconsistent behavior Traffic characterization Packet level Flow level Traffic classes Study I Study II Study IV Study III Upcoming

14 2008-02-29Licentiate Seminar Wolfgang John Study I: Packet Level Analysis Updated packet-level characteristics of Internet traffic Inconsistencies in headers will appear –Network attacks and malicious traffic –Active OS fingerprinting –Buggy applications or protocol stacks

15 2008-02-29Licentiate Seminar Wolfgang John High level analysis does not necessarily show differences → detailed analysis does! 2 main reasons for directional differences: –Malicious traffic the Internet is “unfriendly” –P2P Göteborg is a P2P source P2P is changing traffic characteristics e.g. packet sizes, TCP termination, TCP option usage Study II: Flow level analysis

16 2008-02-29Licentiate Seminar Wolfgang John Study III: Classification Method (1) Classification of flow traffic without payload Heuristics to identify nature of endpoints Rules based on connection patterns and port numbers –5 rules for P2P traffic –10 rules to classify other types of traffic remove ‘false positives’ from P2P

17 2008-02-29Licentiate Seminar Wolfgang John Study III: Classification Method (2) # connections in 10 6 Amount of data in TB Comparison of classification methods for P2P traffic

18 2008-02-29Licentiate Seminar Wolfgang John Study III: Classification Method (3) Previous classification methods on packet header traces don’t work well on backbone data Proposal of refined and updated heuristics –Simple and fast method to decompose traffic –No payload required –Effectively used even on short traces (10 min) 0.2% of the data left unclassified

19 2008-02-29Licentiate Seminar Wolfgang John Study IV: Classification Results (1) Tuesday, 18.04.2006

20 2008-02-29Licentiate Seminar Wolfgang John Study IV: Classification Results (2) Application breakdown April till Nov. 2006

21 2008-02-29Licentiate Seminar Wolfgang John Study IV: Classification Results (3) Connection establishment for traffic classes

22 2008-02-29Licentiate Seminar Wolfgang John Study IV: Classification Results (4) Behavior of P2P traffic –Unsuccessful TCP connection attempts increasing –Serving peers terminate with FIN and RST Decreased from 20% to 8% –UDP overlay traffic doubled TCP options deployment differs –P2P behaves as expected –Web traffic shows artifacts of client-server patter e.g. popular web-servers neglecting SACK option

23 2008-02-29Licentiate Seminar Wolfgang John Summary 1.Guidelines for Internet measurement Experiences of the MonNet project 2.Current traffic characteristics Packet and flow level 3.Traffic decomposition Traffic classification method 4.Inconsistent behavior Packet header anomalies Malicious traffic flows

24 2008-02-29Licentiate Seminar Wolfgang John General remarks Internet today is essential, but still not understood entirely Large-scale traffic measurements uncommon –A lot of analysis is done on outdated datasets Each study generated as much questions as answers Reconsider measurement process (duration, payload…) A lot of open questions … …get more answers in two years…

Download ppt "Licentiate Seminar: On Measurement and Analysis of Internet Backbone Traffic Wolfgang John Department of Computer Science and Engineering Chalmers University."

Similar presentations

A First Look at Modern Enterprise Traffic

A First Look at Modern Enterprise Traffic
Centre de Comunicacions Avançades de Banda Ampla (CCABA) Universitat Politècnica de Catalunya (UPC) Identification of Network Applications based on Machine.

Centre de Comunicacions Avançades de Banda Ampla (CCABA) Universitat Politècnica de Catalunya (UPC) Identification of Network Applications based on Machine.
The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.

The testbed environment for this research to generate real-world Skype behaviors for analyzation is as follows: A NAT-ed LAN consisting of 7 machines running.
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.

A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
OSI Model.

OSI Model.
PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong.

PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong.
Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.

Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.
1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.
Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Unconstrained Endpoint Profiling (Googling the Internet)‏ Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Assessing the Nature of Internet traffic: Methods and Pitfalls Wolfgang John Chalmers University of Technology, Sweden together with Min Zhang Beijing.

Assessing the Nature of Internet traffic: Methods and Pitfalls Wolfgang John Chalmers University of Technology, Sweden together with Min Zhang Beijing.
Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.

Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.
P2P Games Conference “Attributes of the Gaming Cloud?” Norman Henderson ASANKYA 678-778-0836.

P2P Games Conference “Attributes of the Gaming Cloud?” Norman Henderson ASANKYA
A fast identification method for P2P flow based on nodes connection degree LING XING, WEI-WEI ZHENG, JIAN-GUO MA, WEI- DONG MA Apperceiving Computing and.

A fast identification method for P2P flow based on nodes connection degree LING XING, WEI-WEI ZHENG, JIAN-GUO MA, WEI- DONG MA Apperceiving Computing and.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
Sales Kickoff - ARCserve

Sales Kickoff - ARCserve
A Statistical Anomaly Detection Technique based on Three Different Network Features Yuji Waizumi Tohoku Univ.

A Statistical Anomaly Detection Technique based on Three Different Network Features Yuji Waizumi Tohoku Univ.
Traffic Classification through Simple Statistical Fingerprinting M. Crotti, M. Dusi, F. Gringoli, L. Salgarelli ACM SIGCOMM Computer Communication Review,

Traffic Classification through Simple Statistical Fingerprinting M. Crotti, M. Dusi, F. Gringoli, L. Salgarelli ACM SIGCOMM Computer Communication Review,

Similar presentations

Ads by Google