| Presentation | 2006-11-16 Inferring original traffic pattern from sampled flow statistics Tatsuya MORI, Ryoichi KAWAHARA, Noriaki KAMIYAMA, Keisuke ISHIBASHI, Shigeaki HARADA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Packet sampling has become a practical and indispensable means to measure flow statistics. Nowadays, most of major ISPs are monitoring their networks based on the sampled flow statistics collected at main routers. Recent studies have demonstrated that analyzing traffic patterns is crucial in detecting network anomalies. For example, sharp increase in the number of small flows may be related to an anomalous event such as worm outbreak. We may not be able to infer the original traffic patterns correctly from the sampled flow statistics because sampling process wipes out a lot of information about small flows, which play a vital role in determining the characteristics of traffic patterns. In this paper, we first show an example of how the sampling process wipes out the original statistics using measured data. Then, we show empirical examples indicating that the original traffic pattern cannot be inferred correctly even if we use a statistical inference method for incomplete data, i.e., the EM algorithm, for sampled flow statistics. Finally, we show that additional information about the original flow statistics, the number of unsampled flows, is helpful in tracking the change in original traffic patterns using sampled flow statistics. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | measurement / flow / sampling / entropy / EM algorithm |
| Paper # | NS2006-125,CQ2006-66,TM2006-39 |
| Date of Issue |
| Conference Information | |
| Committee | NS |
|---|---|
| Conference Date | 2006/11/9(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Network Systems(NS) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Inferring original traffic pattern from sampled flow statistics |
| Sub Title (in English) | |
| Keyword(1) | measurement |
| Keyword(2) | flow |
| Keyword(3) | sampling |
| Keyword(4) | entropy |
| Keyword(5) | EM algorithm |
| 1st Author's Name | Tatsuya MORI |
| 1st Author's Affiliation | NTT Service Integration Laboratories:National Institute of Informatics() |
| 2nd Author's Name | Ryoichi KAWAHARA |
| 2nd Author's Affiliation | NTT Service Integration Laboratories:National Institute of Informatics |
| 3rd Author's Name | Noriaki KAMIYAMA |
| 3rd Author's Affiliation | NTT Service Integration Laboratories:National Institute of Informatics |
| 4th Author's Name | Keisuke ISHIBASHI |
| 4th Author's Affiliation | NTT Information Sharing Platform Laboratories |
| 5th Author's Name | Shigeaki HARADA |
| 5th Author's Affiliation | NTT Service Integration Laboratories:National Institute of Informatics |
| Date | 2006-11-16 |
| Paper # | NS2006-125,CQ2006-66,TM2006-39 |
| Volume (vol) | vol.106 |
| Number (no) | 355 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |