Understanding Patterns of TCP Connection Usage with Statistical Clustering

Authors:
Felix Hernandez-Campos;Andrew B. Nobel;F. Donelson Smith;Kevin Jeffay
Affiliations:
Department of Computer Science;Department of Statistics and Operations Research University of North Carolina at Chapel Hill;Department of Computer Science;Department of Computer Science
Venue:
MASCOTS '05 Proceedings of the 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems
Year:
2005

Citing 0
Cited 9

Empirical Models of TCP and UDP End-User Network Traffic from NETI@home Data Analysis

Proceedings of the 20th Workshop on Principles of Advanced and Distributed Simulation
Tmix: a tool for generating realistic TCP application workloads in ns-2

ACM SIGCOMM Computer Communication Review
A stratified traffic sampling methodology for seeing the big picture

Computer Networks: The International Journal of Computer and Telecommunications Networking
Existence Plots: A Low-Resolution Time Series for Port Behavior Analysis

VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Empirical Models of End-User Network Behavior from NETI@home Data Analysis

Simulation
Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications

DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Network prefix-level traffic profiling: Characterizing, modeling, and evaluation

Computer Networks: The International Journal of Computer and Telecommunications Networking
Summary-invisible networking: techniques and defenses

ISC'10 Proceedings of the 13th international conference on Information security
Finding peer-to-peer file-sharing using coarse network behaviors

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe a new methodology for understanding how applications use TCP to exchange data. The method is useful for characterizing TCP workloads and synthetic traffic generation. Given a packet header trace, the method automatically constructs a source-level model of the applications using TCP in a network without any a priori knowledge of which applications are actually present in a network. From this source-level model, statistical feature vectors can be defined for each TCP connection in the trace. Hierarchical cluster analysis can then be performed to identify connections that are statistically homogeneous and that are likely exert similar demands on a network. We apply the methods to packet header traces taken from the UNC and Abilene networks and show how classes of similar connections can be automatically detected and modeled.