Characteristics of wide-area TCP/IP conversations
SIGCOMM '91 Proceedings of the conference on Communications architecture & protocols
Ten lectures on wavelets
On the self-similar nature of Ethernet traffic
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
End-to-end packet delay and loss behavior in the internet
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Wide-area traffic: the failure of Poisson modeling
SIGCOMM '94 Proceedings of the conference on Communications architectures, protocols and applications
Self-similarity in World Wide Web traffic: evidence and possible causes
Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Measuring bottleneck link speed in packet-switched networks
Performance Evaluation
End-to-end routing behavior in the Internet
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Analyzing stability in wide-area network performance
SIGMETRICS '97 Proceedings of the 1997 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
End-to-end Internet packet dynamics
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Generating representative Web workloads for network and server performance evaluation
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
An extensible probe architecture for network protocol performance measurement
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Measurements and analysis of end-to-end Internet dynamics
Measurements and analysis of end-to-end Internet dynamics
End-to-end internet packet dynamics
IEEE/ACM Transactions on Networking (TON)
Using pathchar to estimate Internet link characteristics
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
On estimating end-to-end network path properties
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Dynamics of IP traffic: a study of the role of variability and the impact of control
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Measuring Web performance in the wide area
ACM SIGMETRICS Performance Evaluation Review
Critical path analysis of TCP transactions
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Measuring link bandwidths using a deterministic model of packet delay
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Advances in Network Simulation
Computer
Sting: a TCP-based network measurement tool
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
SPAND: shared passive network performance discovery
USITS'97 Proceedings of the USENIX Symposium on Internet Technologies and Systems on USENIX Symposium on Internet Technologies and Systems
Wavelet analysis of long-range-dependent traffic
IEEE Transactions on Information Theory
The PingER project: active Internet performance monitoring for the HENP community
IEEE Communications Magazine
Measurement and analysis of IP network usage and behavior
IEEE Communications Magazine
The use of end-to-end multicast measurements for characterizing internal network behavior
IEEE Communications Magazine
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
NetScope: traffic engineering for IP networks
IEEE Network: The Magazine of Global Internetworking
Using signal processing to analyze wireless data traffic
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
Rapid model parameterization from traffic measurements
ACM Transactions on Modeling and Computer Simulation (TOMACS)
A tool for RApid model parameterization and its applications
MoMeTools '03 Proceedings of the ACM SIGCOMM workshop on Models, methods and tools for reproducible network research
Performance debugging for distributed systems of black boxes
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
A wavelet-based approach to detect shared congestion
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A wavelet-based framework for proactive detection of network misconfigurations
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
A method for estimating the proportion of nonresponsive traffic at a router
IEEE/ACM Transactions on Networking (TON)
Small-time scaling behavior of Internet backbone traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Long range dependent trafic
On TCP and self-similar traffic
Performance Evaluation - Long range dependence and heavy tail distributions
Realistic and responsive network traffic generation
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Mining web logs to debug distant connectivity problems
Proceedings of the 2006 SIGCOMM workshop on Mining network data
Flexible network monitoring with FLAME
Computer Networks: The International Journal of Computer and Telecommunications Networking - Active networks
Diagnosis of capacity bottlenecks via passive monitoring in 3G networks: An empirical analysis
Computer Networks: The International Journal of Computer and Telecommunications Networking
Can you hear me now?!: it must be BGP
ACM SIGCOMM Computer Communication Review
Network traffic analysis using singular value decomposition and multiscale transforms
Information Sciences: an International Journal
Proceedings of the 2007 workshop on Large scale attack defense
Proceedings of the first international conference on Networks for grid applications
Statistical techniques for detecting traffic anomalies through packet header data
IEEE/ACM Transactions on Networking (TON)
A system for online compression of high-speed network measurements
International Journal of Internet Protocol Technology
Application of Wavelet Packet Transform to Network Anomaly Detection
NEW2AN '08 / ruSMART '08 Proceedings of the 8th international conference, NEW2AN and 1st Russian Conference on Smart Spaces, ruSMART on Next Generation Teletraffic and Wired/Wireless Advanced Networking
Spectral probing, crosstalk and frequency multiplexing in internet paths
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A wavelet-based approach to detect shared congestion
IEEE/ACM Transactions on Networking (TON)
Network anomaly detection based on wavelet analysis
EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
Swing: realistic and responsive network traffic generation
IEEE/ACM Transactions on Networking (TON)
Compromising anonymous communication systems using blind source separation
ACM Transactions on Information and System Security (TISSEC)
Impact of prefix-match changes on IP reachability
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Application of anomaly detection algorithms for detecting SYN flooding attacks
Computer Communications
Small-time scaling behavior of Internet backbone traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue: Long range dependent trafic
A cascade architecture for DoS attacks detection based on the wavelet transform
Journal of Computer Security
Fast traffic anomalies detection using SNMP MIB correlation analysis
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 1
A novel signal-based approach to anomaly detection in IDS systems
ICANNGA'09 Proceedings of the 9th international conference on Adaptive and natural computing algorithms
On the use of sketches and wavelet analysis for network anomaly detection
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Real-time detection of traffic anomalies in wireless mesh networks
Wireless Networks
Discrete wavelet transform-based time series analysis and mining
ACM Computing Surveys (CSUR)
Combining wavelet analysis and information theory for network anomaly detection
Proceedings of the 4th International Symposium on Applied Sciences in Biomedical and Communication Technologies
Network intrusion detection using wavelet analysis
CIT'04 Proceedings of the 7th international conference on Intelligent Information Technology
Statistical and signal-based network traffic recognition for anomaly detection
Expert Systems: The Journal of Knowledge Engineering
Computer Networks: The International Journal of Computer and Telecommunications Networking
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
| Hi-index | 0.04 |
The main objective of this paper is to explore how much information about the characteristics of end-to-end network paths can be inferred from relying solely on passive packet-level traces of existing traffic collected from a single tap point in the network. To this end, we show that a number of structural properties of aggregate TCP/IP packet traces reveal themselves and can be compared across different time periods and across paths of the traffic destined to different subnets by exploiting the built-in scale-localization ability of wavelets. In turn, these structural properties and the resulting comparisons suggest the feasibility of new approaches for inferring and detecting qualitative aspects of network performance in a fashion that is similar to relying on active measurements, but without disturbing or biasing the metrics of interest. To showcase the feasibility, we developed WIND, a prototype tool for Wavelet-based INference for Detecting network performance problems and illustrate its capabilities to detect anomalies in underlying network path conditions with two examples of passively measured packet traces from two different networking environments. We address and experiment with ways of validating the output of WIND and end with a discussion of the potential of full-fledged wavelet-based analysis (i.e., the ability to localize a signal in scale and time) for future measurement studies.