[Cu-wireless] Network talk

[Ralph Johnson]

This talk is on Friday in Robin Kravets' cs497 class, which meets at 11 in
1310 DCL.  I have another class at the same time, but I thought this might
be interesting to CU Wireless people.  Once we get a network going, we'll
have to start analyzing the traffic, and this talk might be a good
introduction.

Speaker: Paul Barford
Title:  "A Signal Analysis of Network Traffic Anomalies"

Abstract:

Identifying anomalies rapidly and accurately is critical to the efficient
operation of large computer networks.  Accurately characterizing important
classes of anomalies greatly facilitates their identifications; however,
the subtleties and complexities of anomalous traffic can easily confound
this process.  In this talk we report results of signal analysis of four
classes of network traffic anomalies:  outages, flash crowds, attacks and
measurement failures.  Data for this study consists of IP flow and SNMP
measurements collected over a four month period at the border router of at
the University of Wisconsin.  Our results show that wavelet filters are
quite effective at exposing the details of both ambient and anomalous
traffic.  Specifically, we show that a pseudo-spline filter tuned at
specific aggregation levels will expose distinct characteristics of each
class of anomaly.  We show that an effective way of exposing anomalies is
via the detection of a sharp increase in the local variance of the
filtered data. We evaluate traffic anomaly signals at different points
within a network based on topological distance from the anomaly source or
destination.  We show that anomalies can be exposed effectively even when
aggregated with a large amount of additional traffic.  We also compare the
difference between the same traffic anomaly signals as seen in SNMP and IP
flow data, and show that the more coarse-grained SNMP data can also be
used to expose anomalies effectively.

In addition to this study, we will also outline current efforts in the
construction of the Wisconsin Advanced Internet Laboratory.  This new
facility consists of a large number of network components (routers,
switches, etc.) and end systems, and is aimed at recreating paths and
conditions identical to those in the Internet from
end-to-end-through-core.

Bio:

Paul Barford received his BS in electrical engineering from the
University of Illinois at Champaign-Urbana in 1985, and his Ph.D. in
Computer Science from Boston University in December, 2000.  He is an
assistant professor of computer science at the University of Wisconsin at
Madison.  He is the founder and director of the Wisconsin Advanced
Internet Laboratory and his research interests are in the design,
measurement, and modeling of wide area networked systems and network
protocols.