OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: A New Approach to Multivariate Network Traffic Analysis

Abstract

© 2019, Springer Science+Business Media, LLC & Science Press, China. Network traffic analysis is one of the core functions in network monitoring for effective network operations and management. While online traffic analysis has been widely studied, it is still intensively challenging due to several reasons. One of the primary challenges is the heavy volume of traffic to analyze within a finite amount of time due to the increasing network bandwidth. Another important challenge for effective traffic analysis is to support multivariate functions of traffic variables to help administrators identify unexpected network events intuitively. To this end, we propose a new approach with the multivariate analysis that offers a high-level summary of the online network traffic. With this approach, the current state of the network will display patterns compiled from a set of traffic variables, and the detection problems in network monitoring (e.g., change detection and anomaly detection) can be reduced to a pattern identification and classification problem. In this paper, we introduce our preliminary work with clustered patterns for online, multivariate network traffic analysis with the challenges and limitations we observed. We then present a grid-based model that is designed to overcome the limitations of the clustered pattern-based technique. We will discuss the potential of the new model with respect to the technical challenges including streaming-based computation and robustness to outliers.

Authors:
Kim, Jinoh [1]; Sim, Alex [2]
  1. Texas A & M Univ., College Station, TX (United States). Dept. of Computer Science; Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States). Computational Research Div.
  2. Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States). Computational Research Div.
Publication Date:
Research Org.:
Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
Sponsoring Org.:
USDOE Office of Science (SC)
OSTI Identifier:
1526584
DOE Contract Number:  
AC02-05CH11231
Resource Type:
Journal Article
Journal Name:
Journal of Computer Science and Technology
Additional Journal Information:
Journal Volume: 34; Journal Issue: 2; Journal ID: ISSN 1000-9000
Country of Publication:
United States
Language:
English

Citation Formats

Kim, Jinoh, and Sim, Alex. A New Approach to Multivariate Network Traffic Analysis. United States: N. p., 2019. Web. doi:10.1007/s11390-019-1915-y.
Kim, Jinoh, & Sim, Alex. A New Approach to Multivariate Network Traffic Analysis. United States. doi:10.1007/s11390-019-1915-y.
Kim, Jinoh, and Sim, Alex. Fri . "A New Approach to Multivariate Network Traffic Analysis". United States. doi:10.1007/s11390-019-1915-y.
@article{osti_1526584,
title = {A New Approach to Multivariate Network Traffic Analysis},
author = {Kim, Jinoh and Sim, Alex},
abstractNote = {© 2019, Springer Science+Business Media, LLC & Science Press, China. Network traffic analysis is one of the core functions in network monitoring for effective network operations and management. While online traffic analysis has been widely studied, it is still intensively challenging due to several reasons. One of the primary challenges is the heavy volume of traffic to analyze within a finite amount of time due to the increasing network bandwidth. Another important challenge for effective traffic analysis is to support multivariate functions of traffic variables to help administrators identify unexpected network events intuitively. To this end, we propose a new approach with the multivariate analysis that offers a high-level summary of the online network traffic. With this approach, the current state of the network will display patterns compiled from a set of traffic variables, and the detection problems in network monitoring (e.g., change detection and anomaly detection) can be reduced to a pattern identification and classification problem. In this paper, we introduce our preliminary work with clustered patterns for online, multivariate network traffic analysis with the challenges and limitations we observed. We then present a grid-based model that is designed to overcome the limitations of the clustered pattern-based technique. We will discuss the potential of the new model with respect to the technical challenges including streaming-based computation and robustness to outliers.},
doi = {10.1007/s11390-019-1915-y},
journal = {Journal of Computer Science and Technology},
issn = {1000-9000},
number = 2,
volume = 34,
place = {United States},
year = {2019},
month = {3}
}

Works referenced in this record:

Thread cooperation in multicore architectures for frequency counting over multiple data streams
journal, August 2009

  • Das, Sudipto; Antony, Shyam; Agrawal, Divyakant
  • Proceedings of the VLDB Endowment, Vol. 2, Issue 1
  • DOI: 10.14778/1687627.1687653

Clustering data streams: theory and practice
journal, May 2003

  • Guha, S.; Meyerson, A.; Mishra, N.
  • IEEE Transactions on Knowledge and Data Engineering, Vol. 15, Issue 3
  • DOI: 10.1109/TKDE.2003.1198387

Maintaining Stream Statistics over Sliding Windows
journal, January 2002


NeTraMark: a network traffic classification benchmark
journal, January 2011

  • Lee, Suchul; Kim, Hyunchul; Barman, Dhiman
  • ACM SIGCOMM Computer Communication Review, Vol. 41, Issue 1
  • DOI: 10.1145/1925861.1925865

BLINC: multilevel traffic classification in the dark
journal, October 2005

  • Karagiannis, Thomas; Papagiannaki, Konstantina; Faloutsos, Michalis
  • ACM SIGCOMM Computer Communication Review, Vol. 35, Issue 4
  • DOI: 10.1145/1090191.1080119

Scalable k-means++
journal, March 2012

  • Bahmani, Bahman; Moseley, Benjamin; Vattani, Andrea
  • Proceedings of the VLDB Endowment, Vol. 5, Issue 7
  • DOI: 10.14778/2180912.2180915

Convolutional wasserstein distances: efficient optimal transportation on geometric domains
journal, July 2015

  • Solomon, Justin; de Goes, Fernando; Peyré, Gabriel
  • ACM Transactions on Graphics, Vol. 34, Issue 4
  • DOI: 10.1145/2766963

Measuring IP and TCP behavior on edge nodes with Tstat
journal, January 2005