John Heidemann

Spectral Analysis of Bottleneck Traffic

TitleSpectral Analysis of Bottleneck Traffic
Publication TypeTechnical Report
Year of Publication2005
AuthorsX. He, C. Papadopoulos, J. Heidemann, U. Mitra, U. Riaz, and A. Hussain
Date Publishedmay

Internet traffic contains a rich set of periodic patterns imposed by various processes. Examples include back-to-back packet transmissions on bottleneck links, periodic routing information exchange, transport layer effects such as TCP windowing behavior, and application layer effects such as misconfigured DNS clients. Analyzing such periodic patterns has wide applications, including a better understanding of network traffic dynamics, diagnosis of network anomalies, and detection of DDos attacks. However, current understanding of periodic behavior in aggregate traffic is quite limited. Many previous approaches often analyze traffic on a per-flow basis, and do not scale well to analyze high speed network traffic. This paper explores the application of spectral techniques to analyze network traffic. We propose an experimental methodol- ogy to guide the application, and as a case study, we use this methodology to analyze the spectral characteristics imposed by bottleneck links on aggregate traffic. In our approach, we passively gather packet traces from the network and then apply spectral techniques to extract periodic patterns embedded in the trace, particularly the regularities imposed by various bottleneck links. Unlike techniques utilizing packet inter-arrival time, our approach does not require flow separation or grouping. The only information required is the packet arrival time. Our experiments show that bottleneck links impose distinct signatures on the underlying traffic, and these signatures can be detected by a downstream monitoring point. We introduce four non-parametric algorithms based on the Bayes Maximum-likelihood Classifier to detect bottleneck flows inside the aggregate, and evaluate their performance using real Internet traffic. As our future work, we plan to design parametric detection algorithms for better performance, and apply the methodology to study other periodic network phenomena.