Network Traffic Sampling Model on Packet Identification
نویسندگان
چکیده
Spatially coordinated packet sampling can be implemented by using a deterministic function of packet content to determine the selection decision for a given packet. In this way, a given packet may be selected at either all points that it passes, or none. Selection amongst the set of packets should appear as random as possible. In this paper we calculate the empirical entropy of selection of bits from various fields from the packet header. Based on this study they propose using the IP identification field (IPID) to seed the selection decision. In order to sample at a given desired sampling rate, a mask is applied to the IPID, with selection occurring if the field matches a given value after masking. By applying a number of non-overlapping masks in succession, any rate within a given range can be specified. If the field contents were actually random, the long term sampling rate would be the ratio of ID value that survive the mask, to the total number of possible values. After researching and analyzing huge amounts of packet headers captured randomly on CERNET backbone, the result shows that 16 bits of identification field in IP packet header is enough for matching bits of sampling mask. Randomization and statistical attribute of the sampling are analyzed in the paper, and a multimask sampling model on the identification field can not only control sampling precise to 1/65536, but also use different sampling parameters among different measurement points. The randomicity and synchronization of sampled packets can be assured automatically, and both network traffic performance and statistical characters are analyzed.
منابع مشابه
Feature Extraction to Identify Network Traffic with Considering Packet Loss Effects
There are huge petitions of network traffic coming from various applications on Internet. In dealing with this volume of network traffic, network management plays a crucial rule. Traffic classification is a basic technique which is used by Internet service providers (ISP) to manage network resources and to guarantee Internet security. In addition, growing bandwidth usage, at one hand, and limit...
متن کاملBehavioral Analysis of Traffic Flow for an Effective Network Traffic Identification
Fast and accurate network traffic identification is becoming essential for network management, high quality of service control and early detection of network traffic abnormalities. Techniques based on statistical features of packet flows have recently become popular for network classification due to the limitations of traditional port and payload based methods. In this paper, we propose a metho...
متن کاملPerformance of OpenDPI in Identifying Sampled Network Traffic
The identification of the nature of the traffic flowing through a TCP/IP network is a relevant target for traffic engineering and security related tasks. Despite the privacy concerns it arises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs...
متن کاملNew High Secure Network Steganography Method Based on Packet Length
In network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable against detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embe...
متن کاملAn Adaptive Trust Sampling Method for P2P Traffic Inspection
This paper focuses on the sampling-based Deep Packet Inspection for the traffic of P2P file sharing systems, especially for BitTorrent, and proposes a logarithmic-based Adaptive Trust Sampling (ATS) strategy for P2P traffic identification. In the whole process of sampling identification for P2P traffic, the sampling ratio of the current node in a P2P network can automatically adjust and dynamic...
متن کامل