Predicting Resource Usage of Arbitrary Network Traffic Queries
نویسندگان
چکیده
Monitoring and mining real-time network data streams is crucial for managing and operating data networks. The information that network operators desire to extract from the network traffic is of different size, granularity and accuracy depending on the measurement task (e.g., relevant data for capacity planning and intrusion detection are very different). To satisfy these different demands, a new class of monitoring systems is emerging to handle multiple arbitrary and continuous traffic queries. Such systems must cope with the effects of overload situations due to the large volumes, high data rates and bursty nature of the network traffic – the alternative of provisioning them to handle peak rates is prohibitively expensive. In this paper, we present the design and evaluation of a system that can accurately predict the resource usage needs of network traffic queries, even in the presence of extreme and highly variable traffic conditions. The novelty of our system is that it is able to operate without any explicit knowledge of the traffic queries. Instead, it extracts a set of features from the traffic streams to build a prediction model of the query resource requirements with deterministic (and small) worst case computational cost. We present experimental evidence of the performance and robustness of our prediction methodology using real traffic traces and injecting synthetic traffic anomalies. Our results show that the system predicts the resources required to run each traffic query with small errors in all the various traffic scenarios. This prediction can later be used for load shedding purposes in order to allow current network monitoring systems to quicky react to overload situations by sampling the incoming packet streams or providing a summarized view of the input traffic.
منابع مشابه
Network Phenotyping for Network Traffic Classification and Anomaly Detection
This paper proposes to develop a network phenotyping mechanism based on network resource usage analysis and identify abnormal network traffic. The network phenotyping may use different metrics in the cyber physical system (CPS), including resource and network usage monitoring, physical state estimation. The set of devices will collectively decide a holistic view of the entire system through adv...
متن کاملA Quantitative Framework for Predicting Resource Usage and Load in Real-Time Systems based on UML Models
This paper presents a quantitative framework for predicting resource usage and load in Real-Time Systems (RTS). The prediction is based on an analysis of UML 2.0 sequence diagrams, augmented with timing information, to extract timed-control flow information. It is aimed at improving the predictability of a RTS by offering a systematic approach to predict system behavior in each time instant dur...
متن کاملPredicting and Controlling Resource Usage in a Heterogeneous Active Network
Active network technology envisions deployment of virtual execution environments within network elements, such as switches and routers. As a result, inhomogeneous processing can be applied to network traffic. To use such technology safely and efficiently, individual nodes must provide mechanisms to enforce resource limits. This implies that each node must understand the varying resource require...
متن کاملResource Usage Modeling for Network Monitoring Applications
Building robust network monitoring applications is hard given the unpredictable nature of network traffic and high, ever-increasing data rates. Traffic analysis systems must be designed with load shedding techniques in mind that can reduce the workload of a network monitoring system whilst gracefully degrading the accuracy of the results. We present a novel load shedding approach based on build...
متن کاملDetecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
متن کامل