Remote Detection of Bottleneck Links Using Spectral and Statistical Methods. He, X., Papadopoulos, C., Heidemann, J., Mitra, U., & Riaz, U. September 2008. to appear, Computer Networks![Remote Detection of Bottleneck Links Using Spectral and Statistical Methods [link]](https://bibbase.org/img/filetypes/link.svg "link")
Paper abstract bibtex Persistently saturated links are abnormal conditions that indicate bottlenecks in Internet traffic. Network operators are interested in detecting such links for troubleshooting, to improve capacity planning and traffic estimation, and to detect denial-of-service attacks. Currently bottleneck links can be detected either locally, through SNMP information, or remotely, through active probing or passive flow-based analysis. However, local SNMP information may not be available due to administrative restrictions, and existing remote approaches are not used systematically because of their network or computation overhead. This paper proposes a new approach to remotely detect the presence of bottleneck links using spectral and statistical analysis of traffic. Our approach is \emphpassive, operates on \emphaggregate traffic without flow separation, and supports \emphremote detection of bottlenecks, addressing some of the major limitations of existing approaches. Our technique assumes that traffic through the bottleneck is dominated by packets with a common size (typically the maximum transfer unit, for reasons discussed in Section e̊fsec:spectral_testbed). With this assumption, we observe that bottlenecks imprint periodicities on packet transmissions based on the packet size and link bandwidth. Such periodicities manifest themselves as strong frequencies in the spectral representation of the aggregate traffic observed at a downstream monitoring point. We propose a detection algorithm based on rigorous statistical methods to detect the presence of bottleneck links by examining strong frequencies in aggregate traffic. We use data from live Internet traces to evaluate the performance of our algorithm under various network conditions. Results show that with proper parameters our algorithm can provide excellent accuracy (up to 95%) even if the traffic through the bottleneck link accounts for less than 10% of the aggregate traffic.
@Unpublished{He08a,
author = "Xinming He and Christos Papadopoulos and John
Heidemann and Urbashi Mitra and Usman Riaz",
title = "Remote Detection of Bottleneck Links Using Spectral and Statistical Methods",
note = "to appear, Computer Networks",
year = 2008,
sortdate = "2008-09-01",
project = "ant, madcat, nocredit",
jsubject = "chronological",
month = sep,
jlocation = "johnh: pafile",
keywords = "spectral analysis, bottleneck detection",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/He08a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/He08a.pdf",
myorganization = "USC/Information Sciences Institute",
project = "ant",
abstract = "
Persistently saturated links are abnormal conditions that indicate
bottlenecks in Internet traffic. Network operators are interested in
detecting such links for troubleshooting, to improve capacity planning
and traffic estimation, and to detect denial-of-service attacks.
Currently bottleneck links can be detected either locally, through
SNMP information, or remotely, through active probing or passive
flow-based analysis. However, local SNMP information may not be
available due to administrative restrictions, and existing remote
approaches are not used systematically because of their network or
computation overhead. This paper proposes a new approach to remotely
detect the presence of bottleneck links using spectral and statistical
analysis of traffic. Our approach is \emph{passive}, operates on
\emph{aggregate traffic} without flow separation, and supports
\emph{remote detection} of bottlenecks, addressing some of the major
limitations of existing approaches. Our technique assumes that
traffic through the bottleneck is dominated by packets with a common
size (typically the maximum transfer unit, for reasons discussed in
Section \ref{sec:spectral_testbed}). With this assumption, we observe
that bottlenecks imprint periodicities on packet transmissions based
on the packet size and link bandwidth. Such periodicities manifest
themselves as strong frequencies in the spectral representation of the
aggregate traffic observed at a downstream monitoring point. We
propose a detection algorithm based on rigorous statistical methods to
detect the presence of bottleneck links by examining strong
frequencies in aggregate traffic. We use data from live Internet
traces to evaluate the performance of our algorithm under various
network conditions. Results show that with proper parameters our
algorithm can provide excellent accuracy (up to 95\%) even if the
traffic through the bottleneck link accounts for less than 10\% of the
aggregate traffic.
",
}
Downloads: 0
{"_id":"obHv99HrEqqgENGm2","bibbaseid":"he-papadopoulos-heidemann-mitra-riaz-remotedetectionofbottlenecklinksusingspectralandstatisticalmethods-2008","author_short":["He, X.","Papadopoulos, C.","Heidemann, J.","Mitra, U.","Riaz, U."],"bibdata":{"bibtype":"unpublished","type":"unpublished","author":[{"firstnames":["Xinming"],"propositions":[],"lastnames":["He"],"suffixes":[]},{"firstnames":["Christos"],"propositions":[],"lastnames":["Papadopoulos"],"suffixes":[]},{"firstnames":["John"],"propositions":[],"lastnames":["Heidemann"],"suffixes":[]},{"firstnames":["Urbashi"],"propositions":[],"lastnames":["Mitra"],"suffixes":[]},{"firstnames":["Usman"],"propositions":[],"lastnames":["Riaz"],"suffixes":[]}],"title":"Remote Detection of Bottleneck Links Using Spectral and Statistical Methods","note":"to appear, Computer Networks","year":"2008","sortdate":"2008-09-01","project":"ant","jsubject":"chronological","month":"September","jlocation":"johnh: pafile","keywords":"spectral analysis, bottleneck detection","url":"https://ant.isi.edu/%7ejohnh/PAPERS/He08a.html","pdfurl":"https://ant.isi.edu/%7ejohnh/PAPERS/He08a.pdf","myorganization":"USC/Information Sciences Institute","abstract":"Persistently saturated links are abnormal conditions that indicate bottlenecks in Internet traffic. Network operators are interested in detecting such links for troubleshooting, to improve capacity planning and traffic estimation, and to detect denial-of-service attacks. Currently bottleneck links can be detected either locally, through SNMP information, or remotely, through active probing or passive flow-based analysis. However, local SNMP information may not be available due to administrative restrictions, and existing remote approaches are not used systematically because of their network or computation overhead. This paper proposes a new approach to remotely detect the presence of bottleneck links using spectral and statistical analysis of traffic. Our approach is \\emphpassive, operates on \\emphaggregate traffic without flow separation, and supports \\emphremote detection of bottlenecks, addressing some of the major limitations of existing approaches. Our technique assumes that traffic through the bottleneck is dominated by packets with a common size (typically the maximum transfer unit, for reasons discussed in Section e̊fsec:spectral_testbed). With this assumption, we observe that bottlenecks imprint periodicities on packet transmissions based on the packet size and link bandwidth. Such periodicities manifest themselves as strong frequencies in the spectral representation of the aggregate traffic observed at a downstream monitoring point. We propose a detection algorithm based on rigorous statistical methods to detect the presence of bottleneck links by examining strong frequencies in aggregate traffic. We use data from live Internet traces to evaluate the performance of our algorithm under various network conditions. Results show that with proper parameters our algorithm can provide excellent accuracy (up to 95%) even if the traffic through the bottleneck link accounts for less than 10% of the aggregate traffic. ","bibtex":"@Unpublished{He08a,\n\tauthor = \"Xinming He and Christos Papadopoulos and John\n Heidemann and Urbashi Mitra and Usman Riaz\",\n\ttitle = \"Remote Detection of Bottleneck Links Using Spectral and Statistical Methods\",\n\tnote = \t\t\"to appear, Computer Networks\",\n\tyear =\t\t2008,\n\tsortdate = \t\t\"2008-09-01\",\n\tproject = \"ant, madcat, nocredit\",\n\tjsubject = \"chronological\",\n\tmonth =\t\tsep,\n\tjlocation =\t\"johnh: pafile\",\n\tkeywords =\t\"spectral analysis, bottleneck detection\",\n\turl =\t\t\"https://ant.isi.edu/%7ejohnh/PAPERS/He08a.html\",\n\tpdfurl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/He08a.pdf\",\n\tmyorganization =\t\"USC/Information Sciences Institute\",\n\tproject = \"ant\",\n\tabstract = \"\nPersistently saturated links are abnormal conditions that indicate\nbottlenecks in Internet traffic. Network operators are interested in\ndetecting such links for troubleshooting, to improve capacity planning\nand traffic estimation, and to detect denial-of-service attacks.\nCurrently bottleneck links can be detected either locally, through\nSNMP information, or remotely, through active probing or passive\nflow-based analysis. However, local SNMP information may not be\navailable due to administrative restrictions, and existing remote\napproaches are not used systematically because of their network or\ncomputation overhead. This paper proposes a new approach to remotely\ndetect the presence of bottleneck links using spectral and statistical\nanalysis of traffic. Our approach is \\emph{passive}, operates on\n\\emph{aggregate traffic} without flow separation, and supports\n\\emph{remote detection} of bottlenecks, addressing some of the major\nlimitations of existing approaches. Our technique assumes that\ntraffic through the bottleneck is dominated by packets with a common\nsize (typically the maximum transfer unit, for reasons discussed in\nSection \\ref{sec:spectral_testbed}). With this assumption, we observe\nthat bottlenecks imprint periodicities on packet transmissions based\non the packet size and link bandwidth. Such periodicities manifest\nthemselves as strong frequencies in the spectral representation of the\naggregate traffic observed at a downstream monitoring point. We\npropose a detection algorithm based on rigorous statistical methods to\ndetect the presence of bottleneck links by examining strong\nfrequencies in aggregate traffic. We use data from live Internet\ntraces to evaluate the performance of our algorithm under various\nnetwork conditions. Results show that with proper parameters our\nalgorithm can provide excellent accuracy (up to 95\\%) even if the\ntraffic through the bottleneck link accounts for less than 10\\% of the\naggregate traffic.\n\",\n}\n\n","author_short":["He, X.","Papadopoulos, C.","Heidemann, J.","Mitra, U.","Riaz, U."],"bibbaseid":"he-papadopoulos-heidemann-mitra-riaz-remotedetectionofbottlenecklinksusingspectralandstatisticalmethods-2008","role":"author","urls":{"Paper":"https://ant.isi.edu/%7ejohnh/PAPERS/He08a.html"},"keyword":["spectral analysis","bottleneck detection"],"metadata":{"authorlinks":{}}},"bibtype":"unpublished","biburl":"https://bibbase.org/f/dHevizJoWEhWowz8q/johnh-2023-2.bib","dataSources":["YLyu3mj3xsBeoqiHK","fLZcDgNSoSuatv6aX","fxEParwu2ZfurScPY","7nuQvtHTqKrLmgu99"],"keywords":["spectral analysis","bottleneck detection"],"search_terms":["remote","detection","bottleneck","links","using","spectral","statistical","methods","he","papadopoulos","heidemann","mitra","riaz"],"title":"Remote Detection of Bottleneck Links Using Spectral and Statistical Methods","year":2008}