Multiresolution and random projections for Internet traffic characterization and anomaly detection

Pierre Borgnat
École Normale Supérieure de Lyon
Laboratory of Physics

Traffic analysis and characterization need robust statistical
methods to deal with the high dimensionality of the data and the high
variability of traffic conditions: bandwidth changes, congestion, or the
great variety of anomalies that one finds in traffic. To account for this
difficulty, we show and explain how and why random projection (sketch) based
analysis procedures combined with multiresolution analysis provide
practitioners with an efficient and robust tool to disentangle actual
long-term evolutions from time-localized events such as anomalies and link
congestion. This contribution aims first at performing a longitudinal
study of the evolution of the traffic collected every day for seven years
on a trans-Pacific backbone link (the MAWI dataset), investigating
TCP/IP layer attributes, application usages and traffic statistics, notably
the persistence of Long Range Dependence. Second, we show how
a new profile-based anomaly detection and characterization algorithm
is designed from the joint use of sketches and of multiresolution
non-Gaussian marginal distribution modeling. Using sketches also makes
possible the real-time identification of the IP source or destination
addresses associated with the detected anomaly, and hence their mitigation.

P. Borgnat, P. Abry, G. Dewaele (ENS Lyon, France)
and K. Cho (IIJ, Japan), K. Fukuda (NII, Japan)
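
The sketch-plus-multiresolution idea described in the abstract, as an added example that is not the authors' code or algorithm: source addresses are hashed into buckets, each bucket's packet-count series is summarized at several aggregation scales, outlying buckets are flagged, and the flagged buckets of several hash functions are intersected to recover the address. The Gamma moment fit, the median/MAD distance, the threshold, the bucket and hash counts, every function name and the traffic itself are assumptions made for illustration.

```python
import hashlib, random, statistics

SCALES = (1, 2, 4, 8)                      # aggregation levels in time bins (assumed)
N_BUCKETS, N_HASHES, THRESH = 16, 4, 10.0  # illustrative settings, not from the talk

def bucket(ip, salt):
    """Random projection: salted hash of an address -> sketch bucket index."""
    digest = hashlib.sha256(f"{salt}:{ip}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_BUCKETS

def gamma_scale(series, scale):
    """Aggregate over `scale` bins, then moment-fit a Gamma law: beta = var / mean."""
    agg = [sum(series[i:i + scale]) for i in range(0, len(series), scale)]
    mean = statistics.fmean(agg)
    return statistics.pvariance(agg) / mean if mean else 0.0

def flagged_buckets(traffic, salt):
    """Buckets whose multiscale profile sits far from the median profile."""
    n_bins = len(next(iter(traffic.values())))
    sketch = [[0] * n_bins for _ in range(N_BUCKETS)]
    for ip, counts in traffic.items():
        row = sketch[bucket(ip, salt)]
        for t, c in enumerate(counts):
            row[t] += c
    score = [0.0] * N_BUCKETS
    for s in SCALES:
        betas = [gamma_scale(row, s) for row in sketch]
        med = statistics.median(betas)
        mad = statistics.median(abs(b - med) for b in betas) or 1e-9
        for k, b in enumerate(betas):
            score[k] += abs(b - med) / (1.4826 * mad) / len(SCALES)
    return {k for k, z in enumerate(score) if z > THRESH}

def suspects(traffic):
    """Addresses that fall in a flagged bucket under every hash function."""
    result = set(traffic)
    for salt in range(N_HASHES):
        bad = flagged_buckets(traffic, salt)
        result = {ip for ip in result if bucket(ip, salt) in bad}
    return sorted(result)

def constructed_traffic(seed=7, n_bins=256):
    """Constructed sample: 400 steady sources plus one short burst."""
    rng = random.Random(seed)
    traffic = {f"10.0.{i // 200}.{i % 200 + 1}": [rng.randint(0, 2) for _ in range(n_bins)]
               for i in range(400)}
    traffic["203.0.113.9"] = [40 if 100 <= t < 116 else 0 for t in range(n_bins)]
    return traffic

if __name__ == "__main__":
    print(suspects(constructed_traffic()))
```

The burst adds only a few percent to its bucket's total volume, but it inflates the fitted scale parameter more and more as the aggregation level grows, which is what separates it from the steady background.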
