1 / 31

Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network

COST-TMA: meeting @ Samos, September 22 nd , 23 rd 2008. Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network. Maria Papadopouli 1,2 Joint Research with Thomas Karagianis 3 and Manolis Ploumidis 1,2 1 Department of Computer Science, University of Crete

garrett-clarke
Download Presentation

Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COST-TMA: meeting @ Samos, September 22nd, 23rd 2008 Multi-level Application-based Traffic Characterization in a Large-scale Wireless Network Maria Papadopouli1,2 Joint Research with Thomas Karagianis3 and Manolis Ploumidis 1,2 1 Department of Computer Science, University of Crete 2 Institute of Computer Science, Foundation for ResearchandTechnology-Hellas 3 Microsoft Research *This work was partially supported by General Secretariat for Research and Technology and by European Commission with a Marie Curie IRG grant

  2. Research interests • Traffic modeling • Impact of parameters (number of flows, flow inter-arrivals, flow sizes) on accuracy • Topology & mobility modeling • Traffic forecasting (moving averages, Singular Spectrum Analysis, etc) • Client profiling • Mobile p2p computing • Data diffusion using realistic mobility models • Efficient selection of appropriate network interface/channel based on network conditions/application requirements • Efficient distributed monitoring • Understanding the impact of network conditions on user experience

  3. Roadmap • Objectives • Testbed, data acquisition & preprocessing • Data analysis • Aggregate traffic • AP traffic • Client traffic • Conclusions • Research in progress …

  4. Objectives • Classify flows into application types • Identify dominant & popular application types • Compare UNC network with other wired & wireless networks • Characterize AP & client traffic

  5. Infrastructure

  6. Testbed, data acquisition & preprocessing • Testbed • 488 APs, 382 monitored • 6,593 distinct MAC addresses – 9,125 distinct IPs • Data acquisition • Packet header traces from egress router • Client SNMP data • Data preprocessing • Correlation of packet headers with client SNMP • Classification of flows using BLINC

  7. Classification with BLINC: heuristics • Host behavior (e.g., client-server, collaborative) • Host popularity: number of distinct destination IPs • Clusters of hosts using a collaborative application • Number of source ports • Transport layer protocol: TCP vs. UDP • Cardinality of sets (ports vs. IPs) • Per flow average packet size • Constant in several applications (e.g., malware) • “Farms” of services: neighboring IPs • Non-payload flows (e.g., attacks)

  8. Graphlet library

  9. Dominant application types

  10. Popular application types Clients with at least one flow per application type

  11. Compare with other testbeds • Traffic share for most dominant application types • Wired & wireless testbeds • UNC wired network • Dartmouth wireless infrastructure • Residential campus may have missed all Web traffic that was not accessed through one of the well-known ports for Web

  12. Home application type of APs Traffic of this application type > than x% of total AP traffic • Web most prevalent home application type

  13. Client traffic characterization Client home application: Application type of which this clients transfer >X% of their traffic • Clients have strong application preferences • ~ 50% of clients have home application type (for X=90) • Web: most prevalent home application type • Clients with no home application are dominated by Web • Only a minority of clients have P2P as dominant application

  14. Wireless traffic load • Wide range of workloads & log normality is prevalent • Light traffic load but with long tails • Dichotomy among APs: • APs dominated by uploaders • APs dominated by downloaders • Majority of APs send & receive packets of small size • Significant number of APs with asymmetric packet sizes: • APs with large sent & small receive packets • APs with small sent & large receive packets

  15. Application-based characterization • Most popular applications • Web browsing & p2p accounting ~81% of total traffic • These applications dominate most users and APs • Web dominates both AP & client traffic share • Network management & scanning activity ~17% of total flows • Application-mix varies within APs of same building • Wireless clients with strong application-type interests • File transfer flows (e.g., ftp, p2p) are heavier in wired network than in wireless one • Flow sizes per application type • Different between wired & wireless network

  16. In progress … • Focus on applications with real-time constraints • Impact of “extreme” network conditions on performance & user satisfaction • Statistical analysis for client profiles • Comparable analysis with other wireless networks

  17. UNC/FORTH Web Archive • Online repository of • Wireless measurement traces • Packet header, SNMP, SYSLOG, signal quality • Models • Tools http://netserver.ics.forth.gr/datatraces • Login/ password access after free registration • Maria Papadopouli mgp@ics.forth.gr

  18. Total network traffic across APs

  19. Application traffic share across APs

  20. Traffic asymmetry (2/2)

  21. BLINC • BLINd Classification • Flows in application types • Focus on end hosts rather than on flow • 3-level host behavior analysis • Social • Functional • Application • Application signature based classification • Accurate flows classification

  22. Heuristics (2/2) • Community heuristic • Farms of services in neighboring IPs • Recursive detection • Interaction between servers • Mail with Razor servers

  23. Application level • Transport layer interaction between hosts • Based on TCP 4-tuple • Empirically derived signatures – graphlets • Nodes: Src,Dst IP & Src,Dst Port • Edges: Flows through this TCP-tuple • Protocol type • Host behavior against graphlet library

  24. Bldg level application usage patterns • % of APs with home application type / bldg type • Weak correlation between building category & # of APs with home application • Distinct APs different configurations • Uneven traffic distribution across APs of same bldg • APs dominated by Web, P2P, or unknown traffic

  25. Conclusions • Three-level characterization of large scale infrastructure • Support admission control & AP selection mechanisms • Indicate user trends • Assist application specific traffic modeling • Web dominates both AP & client traffic share • P2P systems bear a significant impact • Clients have strong application preferences

  26. Heuristics used in classification • Transport layer protocol: TCP vs. UDP • Cardinality of sets • Ports vs. IPs • Constant in several applications (e.g., malware) • Community heuristic • Farms of services in neighboring IPs • Non-payload flows (e.g., attacks)

  27. Attack graphlets • Address-Scan attack • Address-Scan attack for specific IP set • Port-scan attack

  28. P2P Graphlets

  29. Traffic asymmetry (1/2) Asymmetry index = total downloaded / total uploaded traffic • Certain APs dominated by uploaders • Asymmetry index / application type • Asymmetry index for P2P traffic < 1 for 40% of APs

  30. Flow sizes per application type

  31. Wireless user application preferences • Similar between wireless & wired users • Flow sizes / application type • Different between wired & wireless network • Possible reasons • Application dependent • User-driven

More Related