|
|
|
|
|
|
TRAFFIC
CHARACTERIZATION AND MODELLING Traffic modelling has an increasing importance in the management and
dimensioning of telecommunications networks. The complexity associated with
the generation and traffic control mechanisms, as well as the diversity of
applications and services, introduced a set of peculiar traffic
characteristics, such as self-similarity, long range dependence and
multifractality. These characteristics have a strong impact on the network
performance and, therefore, need to be properly modelled. Markovian Models My research work in this area studies the influence of the traffic
second order statistics on network performance, through the analysis of the
so called correlation horizon that separates the relevant from the irrelevant
parts of the autocovariance function. Besides, I have proposed a set of
traffic models and their associated inference procedures: (i) inference
procedures for the two-state discrete-time Markov modulated Poisson process (2-MMPP);
(ii) two Markovian traffic models (and their corresponding inference
procedures), based on the dMMPP with an arbitrary number of states, that have
the intrinsic capability to adjust the traffic self-similar characteristics –
one model is based on the superposition of dMMPPs and the other one is
intrinsically hierarchical. Lindenmayer Systems (L-Systems) models I was also involved in the proposal of traffic models based on
Lindenmayer systems (L-Systems) and the respective parameter inference
procedures. L-Systems were introduced in 1968 by A. Lindenmayer as a method
to model plant growth. Starting from an initial symbol, an L-System generates
iteratively progressively longer sequences of symbols, by successive
application of production rules. In order to define traffic models based on
L-Systems, the symbols are interpreted as arrival rates or mean packet sizes
and each iteration is associated with a time scale of the traffic. The
proposed models included one to characterize the packet arrivals and three
other to characterize simultaneously the packet arrivals and the packet sizes
with different levels of detail. These models are able to capture the
multiscaling and multifractal characteristics of the traffic. User Behaviour Characterization I have also been involved in a proposal for reliable and efficient
classification of Internet users based on their traffic profile. The proposal
addressed the classification of Internet users, presenting, discussing and
comparing two different approaches for solving this problem: Discriminant
Analysis and artificial Neural Networks. MOBILITY
MODELLING António Nogueira was involved in
the proposal of a discrete time Markov
Modulated Bivariate Gaussian Process that is able
to characterize the position and mobility of any mobile node, assuming that
the position within a generic sub-region can be described by a bi-variate Gaussian distribution and the transition between
sub-regions can be described by an underling (homogeneous) Markov chain. This
approach allows to describe the mobile node movement within and between a set
of geographic regions determined by the model itself and, due to the Markovian nature of the model, it is also possible to
capture complex dynamics and calculate the future probabilistic position of a
mobile node. This approach can be applied to scenarios where the possible
pathways are unknown or too complex to consider in a real model that must
make a prediction in a very short time. NETWORK
MODELLING Existing proposals for modeling network characteristics are focused on
particular networking characteristics and do not cope with modern
requirements for integrated characterization and prediction of network
related events. So, António Nogueira
has been involved in the proposal of a novel multi-dimensional discrete
Markov Modulated Deterministic Processes (dMMDPs)
model and an associate parameter fitting procedure that leads to accurate
joint estimation of the first and second order statistics of multiple network
related events. The procedure matches simultaneously both the
multidimensional density distribution function and the autocovariance
functions of the univariate marginal statistics.
One of the main features of this model is that the number of states is not
fixed a priori, and can be adapted to the particular dataset and network
events being modeled. TRAFFIC
MEASUREMENTS Measurement Architectures and Platforms The ever growing complexity of modern data networks requires versatile
and scalable network monitoring architectures. I have been involved in the
proposal of a network monitoring system with a peer-to-peer (P2P)
architecture, allowing for high tolerance to failures and distributed storage
of measured data. The main features of the architecture, namely the system
elements and its hierarchical organization, the protocols for handshaking,
promoting and demotion of system elements, and distributing control
information, the algorithm for system startup, addition of new elements and failure
recovery, and the procedures for storing, replicating, searching and
downloading measurement data. Ground Truth Establishment Ground truth in the context of network anomaly detection requires a
complete list of all anomalies that exist in a given data set. Identifying
the true-positive anomalies requires combing through vast amounts of data
that are sometimes of poor quality due to data-reduction techniques such as
sampling. In addition, the anomalies themselves are a moving target and often
hard to distinguish. The challenges of obtaining high-quality data have led
to many compromises in the evaluation of anomaly detectors, which in turn
leads to “partial” ground truth. I have been involved in the definition and
development of simulation architectures and scenarios that can be used to
validate network data, whether it includes network anomalies or not. DETECTION/IDENTIFICATION
OF INTERNET APPLICATIONS An accurate mapping of traffic to their applications
can be very important for a broad range of network management and measurement
tasks including traffic engineering, service differentiation,
performance/failure monitoring, and security. Traditional mapping approaches
have become increasingly inaccurate because many applications use non-default
or ephemeral port numbers, use well-known port numbers associated with other
applications, change application signatures or use traffic encryption. António Nogueira proposed a new
approach, based on neural networks, that is able to identify flow patterns
generated by several Internet applications while overcoming the limitations
of existing approaches. The results obtained show that, when conveniently
trained, neural networks constitute a valuable tool to identify Internet
applications. INTERNET
SECURITY/ANOMALY DETECTION Anomaly Detection Based on Traffic Profiles The detection of compromised hosts is currently performed at the
network and host levels but any one of these options presents important
security flaws: at the host level, antivirus, anti-spyware and personal
firewalls are ineffective in the detection of hosts that are compromised via
new or target-specific malicious software while at the network level network
firewalls and Intrusion Detection Systems were developed to protect the
network from external attacks but they were not designed to detect and
protect against vulnerabilities that are already present inside the local
area network. António Nogueira was involved in the proposal of a new approach
for the identification of illicit traffic that tries to overcome some of the
limitations of existing approaches, while being computationally efficient and
easy to deploy. The approach is based on neural networks and is able to
detect illicit traffic based on the historical traffic profiles presented by
"licit" and "illicit" network applications. Anomaly Detection Based on Multiscale Analysis António Nogueira was involved in a novel framework for identifying IP
applications based on the multiscale behaviour of the generated traffic: by
performing clustering analysis over the multiscale parameters that are
inferred from the measured traffic, this methodology is able to efficiently
differentiate different IP applications. Besides achieving accurate
identification results, the approach also avoids some of the limitations of
existing identification techniques, namely their inability do deal with
stringent confidentiality requirements. NETWORK
PLANNING AND MANAGEMENT The increasing bandwidth demand and the frequent appearance of new
applications and QoS requirements has been creating the need for new tools
that can help managing IP networks. The network traffic profiles can be
attributed to the combination of different factors, like the number of users,
the capacity of the links and access points, traffic matrices, user’s mobility,
background traffic, diversity of applications and services and different user
behaviours. Integrated Network Modelling António Nogueira was involved in the proposal of a sufficiently
generic network mathematical model that is able to incorporate all important
aspects of a wired or wireless network, even without knowing the complete
traffic matrices, the detailed network characteristics or the users’ mobility
profiles. The network model is built from on a series of traffic measurements
of the input and output traffic on the different access links or access
points and from several QoS metrics and, once inferred, the model can be used
to predict the QoS parameters of the different links or access points, even
when there are significant changes on the number of network users. Characterization of Peer-to-peer Networks Given the importance of Peer-to-peer systems on current Internet
traffic, António Nogueira has been involved in the characterization of P2P
networks under different perspectives: the timely evolution on the
geographical distribution and the number of active peers; the variation of
the Round Trip Time (RTT) with the distance between the source and the
destination peers; dependence of the RTT on different Internet access
connection types and on the different periods of the day. NEW
INTERNET SERVICES The dispersion and variety of multimedia contents
makes their delivery to the target audience extremely difficult and also
prevents users from getting the contents that better adapt to their preferences.
Therefore, there is a need to develop a centralized infrastructure to
classify contents and users and make a personalized distribution of the
multimedia contents. António Nogueira
has been involved in the development of a novel IPTV service for the distribution
of personalized multimedia contents over IP networks based on the concept of
content-zapping, in contrast to traditional channel-zapping: each client
system receives a multimedia streaming that is automatically composed by the
system based on the user preferences and the user will only interact with the
system by requesting a content change or marking a content as favourite. The
server must maintain a list of media contents residing in other systems and
must keep a dynamic classification of the multimedia contents that are stored
in its database. This classification is built and gradually refined based on
the interactions between clients and multimedia contents. Special attention
is given in the paper to the classification model, describing the general
ideas that are used to automatically suggest multimedia contents to a
specific user (that is characterized by his complete profile). A specific
content may be suggested to the user based on the knowledge of the user
profile and/or based on specific and dynamic information, such as the user
position, the local temperature, date and time. The availability of this
information obviously depends on the specific user device that is being used. |
|
