1 / 22

Multiplicative Cascades for Non-Stationary Computer Network Traffic

Multiplicative Cascades for Non-Stationary Computer Network Traffic. Patricia H. Carter Naval Surface Warfare Center Dahlgren June 11, 2002. data. internet. Firewall. Enclave. traffic. data collector. Packet Rate Process. TCP packets entering/leaving protected network

tgaona
Download Presentation

Multiplicative Cascades for Non-Stationary Computer Network Traffic

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multiplicative Cascades for Non-Stationary Computer Network Traffic Patricia H. Carter Naval Surface Warfare Center Dahlgren June 11, 2002

  2. data internet Firewall Enclave traffic data collector Statistis & Machine Learning in Computer Intrusion Detection

  3. Packet Rate Process • TCP packets entering/leaving protected network • raw data is arrival times • packet rate process is # of packets/unit time Statistis & Machine Learning in Computer Intrusion Detection

  4. Multiplicative cascade: pros and con Motivation: packet rate process roughly lognormal hierarchal model of user sessions Anti-motivation: central role of multiplexing for aggregate traffic Statistis & Machine Learning in Computer Intrusion Detection

  5. Packet Rate Process “approximately” Log Normal – Hour 12 Statistis & Machine Learning in Computer Intrusion Detection

  6. Individual IP user model - web session pages connections packets Statistis & Machine Learning in Computer Intrusion Detection

  7. e.g., One Web Page Statistis & Machine Learning in Computer Intrusion Detection

  8. Multiplexing on-off – “connections” Statistis & Machine Learning in Computer Intrusion Detection

  9. Random Multiplicative Cascade synthesis – three realizations Statistis & Machine Learning in Computer Intrusion Detection

  10. On/Off model for single process implies self-similarity for aggregate Suppose the each individual process is modeled by a On/Off process with Pareto distribution: Then the aggregate cumulative packet rate process behaves statistically like fractional Brownian motion – it is self-similar with scaling parameter: Taqqu, Willinger, Sherman, Proof of a Fundamental Result in Self-Similar Traffic Modeling 1997 Statistis & Machine Learning in Computer Intrusion Detection

  11. Multiplicative Cascade:synthesis m p 1-p pm (1-p)m p is a random variable from a distribution(s) supported on [0,1] conservative cascade: pm+(1-p)m=m Statistis & Machine Learning in Computer Intrusion Detection

  12. Multiplicative Cascade:analysis a+b 1-p=b/(a+b) p=a/(a+b) a b If (a+b)=0 then choose p uniformly from {0,1} . The values 0 and 1 are markers for empty subintervals. Statistis & Machine Learning in Computer Intrusion Detection

  13. Multifractal Aggregate Traffic ModelRandom Multiplicative Cascade 1 p p 1-p p0,p1 V1 p (1-p0) p p0 (1-p1) (1-p) p1 (1-p) p00,p01,p10,p11 [m, p, p0, p1, p00, p01, p10, p11] Statistis & Machine Learning in Computer Intrusion Detection

  14. the vector P of multipliers Suppose packet rate process R has 2L samples next smallest scale p’s smallest scale p’s in time order Finally P and R are a transform pair. Statistis & Machine Learning in Computer Intrusion Detection

  15. Packet Rate Process:Three Resolutions Statistis & Machine Learning in Computer Intrusion Detection

  16. Multipliers calculated via inverse cascade procedure Statistis & Machine Learning in Computer Intrusion Detection

  17. Multipliers Plotted as a Function of Scale – hour 0 Statistis & Machine Learning in Computer Intrusion Detection

  18. Multipliers Plotted as a Function of Scale – hour 12 Statistis & Machine Learning in Computer Intrusion Detection

  19. Histograms of variance-normalized Multipliers and fitted Beta distribution Statistis & Machine Learning in Computer Intrusion Detection

  20. Log Variances of Multipliers versus Log Scale - Hour 12 Statistis & Machine Learning in Computer Intrusion Detection

  21. Multiple Scale Empirical Structure Function where are the multipliers calculated at level M. Statistis & Machine Learning in Computer Intrusion Detection

  22. Multiple Scale Structure Functions From Variance-Normalized Multipliers Statistis & Machine Learning in Computer Intrusion Detection

More Related