Persistently saturated links are abnormal conditions that indicate bottlenecks in Internet traffic. Network operators are interested in detecting such links for troubleshooting, to improve capacity planning and traffic estimation, and to detect denial-of-service attacks. Currently bottleneck links can be detected either locally, through SNMP information, or remotely, through active probing or passive flow-based analysis. However, local SNMP information may not be available due to administrative restrictions, and existing remote approaches are not used systematically because of their network or computation overhead. This paper proposes a new approach to remotely detect the presence of bottleneck links using spectral and statistical analysis of traffic. Our approach is passive, operates on aggregate traffic without flow separation, and supports remote detection of bottlenecks, addressing some of the major limitations of existing approaches. Our technique assumes that traffic through the bottleneck is dominated by packets with a common size (typically the maximum transfer unit, for reasons discussed in Section 5.1). With this assumption, we observe that bottlenecks imprint periodicities on packet transmissions based on the packet size and link bandwidth. Such periodicities manifest themselves as strong frequencies in the spectral representation of the aggregate traffic observed at a downstream monitoring point. We propose a detection algorithm based on rigorous statistical methods to detect the presence of bottleneck links by examining strong frequencies in aggregate traffic. We use data from live Internet traces to evaluate the performance of our algorithm under various network conditions. Results show that with proper parameters our algorithm can provide excellent accuracy (up to 95%) even if the traffic through the bottleneck link accounts for less than 10% of the aggregate traffic.
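The periodicity described in the abstract can be illustrated with a short added example (not the paper's code or its detection algorithm). It builds a constructed trace in which a saturated 10 Mb/s link emitting 1500-byte packets contributes about 10% of the aggregate, then locates the strongest frequency seen at a monitoring point. The link rate, packet size, 2 kHz sampling rate, Poisson background and the peak-to-median ratio used in place of the paper's statistical test are all assumptions.

```python
"""Added illustration: spectral signature of a bottleneck in aggregate traffic."""
import cmath
import random

BIN_US = 500              # 500 us bins, i.e. a 2 kHz sampling rate (assumed)
DURATION_US = 1_200_000   # length of the constructed trace: 1.2 s

def constructed_trace(bottleneck, seed=7):
    """Packet arrival times (us) at a hypothetical monitoring point."""
    rng = random.Random(seed)
    times, t = [], 0.0
    while True:                        # background: Poisson, about 7500 pkt/s
        t += rng.expovariate(7500 / 1e6)
        if t >= DURATION_US:
            break
        times.append(int(t))
    if bottleneck:
        # 1500-byte packets leaving a saturated 10 Mb/s link: one per 1200 us
        gap_us = 1500 * 8 * 1_000_000 // 10_000_000
        times += range(130, DURATION_US, gap_us)
    return times

def magnitude_spectrum(times):
    """Bin arrivals into a count series; return |DFT| for bins 1..N/2."""
    n = DURATION_US // BIN_US
    series = [0] * n
    for t in times:
        series[t // BIN_US] += 1
    tw = [cmath.exp(-2j * cmath.pi * m / n) for m in range(n)]
    return [abs(sum(v * tw[(k * i) % n] for i, v in enumerate(series)))
            for k in range(1, n // 2 + 1)]

def strongest_frequency(times):
    """Return (peak frequency in Hz, peak-to-median magnitude ratio)."""
    mags = magnitude_spectrum(times)
    peak = max(range(len(mags)), key=mags.__getitem__)
    median = sorted(mags)[len(mags) // 2]
    return (peak + 1) * 1e6 / DURATION_US, mags[peak] / median

def implied_bandwidth_bps(freq_hz, packet_bytes=1500):
    """Link rate that emits one packet of this size per spectral period."""
    return freq_hz * packet_bytes * 8

if __name__ == "__main__":
    for label, flag in (("with bottleneck", True), ("background only", False)):
        freq, ratio = strongest_frequency(constructed_trace(flag))
        print(f"{label}: peak {freq:.1f} Hz, peak/median {ratio:.1f}, "
              f"implies {implied_bandwidth_bps(freq) / 1e6:.2f} Mb/s")
```

The peak frequency multiplied by the assumed packet size in bits gives the bottleneck rate; the background-only trace produces no comparably dominant peak.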