Network Traffic Analysis

Abstract

Network traffic is omnipresent in everyday life. Any electronic device with the ability to send or receive data, such as computers, telephones, tablets, TV sets, or even cars, not to mention "core" network equipment, acts as source and destination of network traffic. As in real traffic, data flow through available paths (links) which can become congested, degraded or plain broken. Network traffic analysis allows for detection, diagnosis and prevention of network problems, as well as for early planning of future network deployments.

Anomaly detection is a prominent application field of network traffic analysis. In a globalized world, any device connected to the Internet can interact with others anywhere in the world, which renders them potentially vulnerable to (intentional or unintentional) bad behavior of other devices and networks. Anomaly detection techniques look for anomalous patterns in network traffic and signal them to the network manager so that anomalies can be acted upon in a timely manner and the network is not affected.

Network traffic is not easy to characterize because of its markedly bursty nature, which results in huge variance values. Hence, traditional models such as the Gaussian distribution are unable to describe network traffic behavior correctly. The stable family of distributions, although difficult to handle, has been used widely in research fields where natural phenomena exhibit such large variance values. Network traffic analysis and, in particular, anomaly detection, benefit from stable distributions by making accurate characterization of network traffic a reality.

Journal papers

  • Simmross-Wattenberg, F., M. Martin-Fernandez, P. Casaseca-de-la-Higuera, and C. Alberola-López, "Fast calculation of alpha-stable density functions based on off-line precomputations. Application to ML parameter estimation", Digital Signal Processing, 2014.
  • Simmross-Wattenberg, F., J. Ignacio Asensio-Pérez, P. Casaseca-de-la-Higuera, M. Martin-Fernandez, Y. A. Dimitriadis, and C. Alberola-López, "Anomaly detection in network traffic based on statistical inference and alpha-stable modeling", Dependable and Secure Computing, IEEE Transactions on, vol. 8, pp. 494–509, 2011.

 

Conference papers

  • M. Stoppa, J. E. López-de-Vergara-Méndez, F. Simmross-Wattenberg, and J. Luis García-Dorado, "Comparativa entre distribuciones alpha-estables para modelar tasas de transferencia obtenidas a partir de registros de SNMP y NetFlow", Jornadas de Ingeniería Telemática (JITEL), Granada, Spain, Asociación de Telemática (ATEL), 2013.
  • Simmross-Wattenberg, F., A. Tristán-Vega, P. Casaseca-de-la-Higuera, J. Ignacio Asensio-Pérez, M. Martin-Fernandez, Y. A. Dimitriadis, and C. Alberola-López, "Modelling Network Traffic as alpha-Stable Stochastic Processes: An Approach Towards Anomaly Detection", Proc. VII Jornadas de Ingeniería Telemática (JITEL), pp. 25–32, 2008.

Software

  Fast calculation of stable density functions based on off-line precomputations [Matlab Exchange]: Implementation of a proposal to compute arbitrary stable densities based on interpolation and offline precomputations. Full text in Simmross-Wattenberg, F., M. Martin-Fernandez, P. Casaseca-de-la-Higuera, and C. Alberola-López, "Fast calculation of alpha-stable density functions based on off-line precomputations. Application to ML parameter estimation", Digital Signal Processing, 2014.