Traffic Features Measurement Based on Multi-Scale Aggregation Model
Analysis and measurement of traffic features are crucial for effective network management and traffic control. In this paper we propose several traffic flow models that aggregate traffic packets at multiple scales, use entropy to measure the feature distributions hierarchically, and then identify the important features and the appropriate scale for traffic monitoring. The DFlow model is a group of packets with an identical triple (source address, destination address and destination port), and the HFlow model is a group of packets with the same source and destination addresses. By removing traffic features from the NetFlow model, the aggregation scales are extended. Source and destination addresses are selected to investigate the traffic characteristics under the different flow models. The experimental results using actual traffic show that the number of flows is reduced when the aggregation scale is extended, and that the entropy of normal traffic addresses is stable over the monitoring time. On the other hand, the entropy of the destination address increases when the aggregation scale is extended. Investigation of the traffic shows that this is caused by the wide use of HTTP and Point to Point protocols. Analysis of worm scanning traffic shows that abnormal behavior patterns are more regular than normal behavior and that traffic features have the same entropy under the different flow models. The results also show that the appropriate scale for traffic monitoring is the DFlow model, which reduces the data records by more than 30% while retaining the traffic characteristics.
Network Monitoring Traffic Analysis Multi-Scale Hierarchical Entropy
Guodong Li Tao Qin Wei Li
Center of Network and Information Xian Jiaotong University, Xian China Science and Technology on I The School of Electronic and Information Engineering Xian Jiaotong University, Xian China Center of Network and Information Xian Jiaotong University, Xian China The School of Electronic an
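International conference
Harbin
English
1021-1025
2011-12-24 (date first made available online on the Wanfang platform; does not represent the paper's publication date)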
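The aggregation described in the abstract, as an added example that is not code from the paper: packets are grouped under the three flow models and the entropy of source and destination addresses is computed per model. Assumptions made here: NetFlow is taken as the usual 5-tuple, entropy is Shannon entropy in bits with each flow record counted once, and the sample traffic is constructed.

```python
import math
from collections import Counter

# Packet fields: (src, dst, sport, dport, proto). Keys follow the abstract:
# NetFlow is taken here as the usual 5-tuple (assumption), DFlow as
# (src, dst, dport), HFlow as (src, dst).
MODELS = {
    "NetFlow": lambda p: p,
    "DFlow": lambda p: (p[0], p[1], p[3]),
    "HFlow": lambda p: (p[0], p[1]),
}

def aggregate(packets, model):
    """Group packets into flows; returns {flow_key: packet_count}."""
    return Counter(MODELS[model](p) for p in packets)

def address_entropy(flows, index):
    """Shannon entropy (bits) of an address field over flow records.
    index 0 = source address, 1 = destination address (same slot in every key).
    Assumption: each flow record counts once, regardless of its packet count."""
    counts = Counter(key[index] for key in flows)
    total = sum(counts.values())
    return sum(-(c / total) * math.log2(c / total) for c in counts.values())

def summarize(packets):
    """Per model: (number of flows, source entropy, destination entropy)."""
    out = {}
    for model in MODELS:
        flows = aggregate(packets, model)
        out[model] = (len(flows), address_entropy(flows, 0), address_entropy(flows, 1))
    return out

# Constructed sample traffic (documentation address ranges, not real captures).
NORMAL = (
    [("10.0.0.1", "192.0.2.10", 40000 + i, 80, "tcp") for i in range(8)]
    + [("10.0.0.1", "192.0.2.10", 41000 + i, 443, "tcp") for i in range(2)]
    + [("10.0.0.2", "192.0.2.20", 50000, 443, "tcp"),
       ("10.0.0.3", "192.0.2.30", 50001, 25, "tcp")]
)
# One host probing 16 addresses on one port, one packet each.
SCAN = [("10.0.0.9", f"198.51.100.{i}", 1024 + i, 445, "tcp") for i in range(1, 17)]

if __name__ == "__main__":
    for name, pkts in (("normal", NORMAL), ("scan", SCAN)):
        for model, (n, h_src, h_dst) in summarize(pkts).items():
            print(f"{name:6} {model:7} flows={n:2} H(src)={h_src:.3f} H(dst)={h_dst:.3f}")
```

In the constructed normal sample, repeated connections to one web server collapse under DFlow and HFlow, so the flow count falls and the destination entropy rises; the scan sample gives identical records and entropy under all three models.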