The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

C. Estan, S. Savage, and G. Vargheses, "Automatically Inferring Patterns of Resources Consumption in Network Traffic", in ACM SIGCOMM 2003, Aug 2003.

Automatically Inferring Patterns of Resources Consumption in Network Traffic
Authors: C. Estan
S. Savage
G. Vargheses
Published: ACM SIGCOMM, 2003
URL: http://www.cs.umn.edu/research/MINDS/papers/siam2003.pdf
Entry Dates: 2009-02-11
Abstract: The Internet service model emphasizes flexibility-any node can send any type of traffic at any time. While this design has allowed new applications and usage models to flourish, it also makes the job of network management significantly more challenging. This paper describes a new method of traffic characterization that automatically groups traffic into minimal clusters of conspicuous consumption. Rather than providing a static analysis specialized to capture flows, applications, or network-to-network traffic matrices, our approach dynamically produces hybrid traffic definitions that match the underlying usage. For example, rather than report five hundred small flows, or the amount of TCP traffic to port 80, or the "top ten hosts", our method might reveal that a certain percent of traffic was used by TCP connections between AOL clients and a particular group of Web servers. Similarly, our technique can be used to automatically classify new traffic patterns, such as network worms or peer-to-peer applications, without knowing the structure of such traffic a priori. We describe a series of algorithms for constructing these traffic clusters and minimizing their representation. In addition, we describe the design of our prototype system, AutoFocus and our experiences using it to discover the dominant and unusual modes of usage on several different production networks.
Results:
  • datasets: 1) small network exchange point: collected from SD-NAP, a small network exchange point in San Diego, Cailifornia, 31 days long starting on 12/07/2002; 2) large research institution: collected at the edge of a network that connects a large research insitution (roughly 15,000 hosts), 39 days long and it starts on 12/12; 3) backbone: collected at an OC-48 backbone link, 8 hours long, August 2001;
  • a new method for analyzing IP-based traffic, automatically infers a traffic model that matches the dominant modes of usages;
  • embodied it in the AutoFocus analysis system which has a Web-based user interface to allow managers to explore clusters across multiple time-scales and to drill down to explore the contents of any clusters of interest;