Identifying and Measuring Internet Traffic: Techniques and Considerations
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Growth of the Internet
Growth of the Internet K. G. Coffman and A. M. Odlyzko AT&T Labs - Research [email protected], [email protected] Preliminary version, July 6, 2001 Abstract The Internet is the main cause of the recent explosion of activity in optical fiber telecommunica- tions. The high growth rates observed on the Internet, and the popular perception that growth rates were even higher, led to an upsurge in research, development, and investment in telecommunications. The telecom crash of 2000 occurred when investors realized that transmission capacity in place and under construction greatly exceeded actual traffic demand. This chapter discusses the growth of the Internet and compares it with that of other communication services. Internet traffic is growing, approximately doubling each year. There are reasonable arguments that it will continue to grow at this rate for the rest of this decade. If this happens, then in a few years, we may have a rough balance between supply and demand. Growth of the Internet K. G. Coffman and A. M. Odlyzko AT&T Labs - Research [email protected], [email protected] 1. Introduction Optical fiber communications was initially developed for the voice phone system. The feverish level of activity that we have experienced since the late 1990s, though, was caused primarily by the rapidly rising demand for Internet connectivity. The Internet has been growing at unprecedented rates. Moreover, because it is versatile and penetrates deeply into the economy, it is affecting all of society, and therefore has attracted inordinate amounts of public attention. The aim of this chapter is to summarize the current state of knowledge about the growth rates of the Internet, with special attention paid to the implications for fiber optic transmission. -
Reviewing Traffic Classification
Reviewing Traffic Classification Silvio Valenti1,4, Dario Rossi1, Alberto Dainotti2, Antonio Pescape`2, Alessandro Finamore3, Marco Mellia3 1 Telecom ParisTech, France – [email protected] 2 Universita` di Napoli Federico II, Italy – [email protected] 3 Politecnico di Torino, Italy – [email protected] 4 Current affiliation: Google, Inc. Abstract. Traffic classification has received increasing attention in the last years. It aims at offering the ability to automatically recognize the application that has generated a given stream of packets from the direct and passive observation of the individual packets, or stream of packets, flowing in the network. This ability is instrumental to a number of activities that are of extreme interest to carriers, Internet service providers and network administrators in general. Indeed, traffic classification is the basic block that is required to enable any traffic management operations, from differentiating traffic pricing and treatment (e.g., policing, shap- ing, etc.), to security operations (e.g., firewalling, filtering, anomaly detection, etc.). Up to few years ago, almost any Internet application was using well-known transport- layer protocol ports that easily allowed its identification. More recently, the num- ber of applications using random or non-standard ports has dramatically increased (e.g. Skype, BitTorrent, VPNs, etc.). Moreover, often network applications are configured to use well-known protocol ports assigned to other applications (e.g. TCP port 80 originally reserved for Web traffic) attempting to disguise their pres- ence. For these reasons, and for the importance of correctly classifying traffic flows, novel approaches based respectively on packet inspection, statistical and machine learning techniques, and behavioral methods have been investigated and are be- coming standard practice. -
Quality of Services for ISP Networks
Quality of Services for ISP Networks Qi Guan SIEMENSAG Austria Siemensstrasse 88-92 A-1210, Vienna, Austria Key words: Quality of Service, QoS, ISP Internet, Backbone, VoiP Abstract: Quality of Service (QoS) is a basic functionality that the Internet needs to be able to cope with when the applications increased in number and varied in use. Internet QoS issues concerning the Internet involves many different areas: end user QoS, ISP network QoS, backbone QoS. Backbone QoS is the problem concerning traffic engineering and bandwidth. ISP network QoS is one of the major problems in the Internet, In this paper, we would like to present an architecture model for QoS enabled ISP networks. This model is based on differentiated services and is connected to QoS or non-QoS enabled backbones for IP upstream and downstream QoS traffic. At the end of paper, an example of VoiP application is introduced. 1. INTRODUCTION Until now, two separate worlds have existed for telecommunication services and networks - one for voice and one for data. The voice world is that of switched PSTN I ISDN networks, which generally provide real-time services and features such as call diversions, conference and display services. Switched PSTN I ISDN networks guarantee quality and reliability in the form of constant availability of voice services for their customers. As a result thereof, this quality of service has made voice networks extremely profitable. The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35522-1_37 H. -
An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers
applied sciences Article An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers Riaz Ullah Khan 1,* , Xiaosong Zhang 1, Rajesh Kumar 1 , Abubakar Sharif 1, Noorbakhsh Amiri Golilarz 1 and Mamoun Alazab 2 1 Center of Cyber Security, School of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China; [email protected] (X.Z.); [email protected] (R.K.); [email protected] (A.S.); [email protected] (N.A.G.) 2 College of Engineering, IT and Environment, Charles Darwin University, Casuarina 0810, Australia; [email protected] * Correspondence: [email protected]; Tel.: +86-155-2076-3595 Received: 19 March 2019; Accepted: 24 April 2019; Published: 11 June 2019 Abstract: In recent years, the botnets have been the most common threats to network security since it exploits multiple malicious codes like a worm, Trojans, Rootkit, etc. The botnets have been used to carry phishing links, to perform attacks and provide malicious services on the internet. It is challenging to identify Peer-to-peer (P2P) botnets as compared to Internet Relay Chat (IRC), Hypertext Transfer Protocol (HTTP) and other types of botnets because P2P traffic has typical features of the centralization and distribution. To resolve the issues of P2P botnet identification, we propose an effective multi-layer traffic classification method by applying machine learning classifiers on features of network traffic. Our work presents a framework based on decision trees which effectively detects P2P botnets. A decision tree algorithm is applied for feature selection to extract the most relevant features and ignore the irrelevant features. -
Read Next-Level Networking for Speed and Security
Next-Level Networking for Speed and Security Laurie Weber CONTENTS IN THIS PAPER IP Peering and IP Transit Open Up With general Transit networks, you “get what you get.” For the Traffic Lanes 2 business-critical workloads, a provider with strong public and private Peering is a more reliable, higher-performing, and more The 2 Types of Peering Connections: secure option. Private and Public 3 This paper covers the affiliations that enable networks to, directly What Are the Alternatives? and indirectly, connect on the Internet using IP peering and IP Dedicated Internet Access 3 transit relationships. The discussion centers around the differences, Partnering with US Signal for Faster, advantages, and disadvantages of both IP peering and IP transit. It Safer, More Reliable Transport 4 also looks at why private peering (direct) and peering over a (pub- lic) Internet exchange (IX) could be more viable options, and which situations warrant one approach over the other. NEXT-LEVEL NETWORKING FOR SPEED AND SECURITY 1 Today, an estimated 3.010 billion Internet users (42% of BENEFITS OF IP TRANSIT—EASE, the world’s population) access the Internet every day. FLEXIBILITY, SPEED, REDUNDANCY That’s a lot of traffic traversing the globe. So, how do IP transit offers several business advantages. First, enterprises keep information flowing without having it’s an easy service to implement. Users pay for the to endure incessant bottlenecks, tolerate poor perfor- service, and the ISP takes care of the provider’s traffic mance, or compromise security? They do it through one requirements. or more variations of IP transit and IP peering. -
The Global Internet Phenomena Report 2019
The Global Internet Phenomena Report September 2019 The Global Internet Welcome! Phenomena Report September 2019 A word from Lyn Cantor, CEO, Sandvine About the Global Internet Welcome to the 2019 Global Internet Phenomena Report Phenomena Data Sandvine is a global leader in the network intelligence market segment. Our customer base represents over 160 Tier 1 and Tier 2 global network operators (fixed, mobile, satellite, WiFi, and enterprise) and our The 2019 version of categories. This has the effect of smoothing out The data in this edition of the Global Internet solutions touch over 2.5 billion internet subscribers worldwide. the Global Internet the impact that a special event has on traffic Phenomena Report is drawn from Sandvine’s Phenomena Report across a six month period. installed base of over 160 Tier 1 and Tier 2 fixed, The foundation of our business is being the best network intelligence was truly a labor of love mobile, and WiFi operators worldwide. The report company with unmatched depth and breadth of pre-packaged use cases, for me. Last year, we Some of the events that occurred have clearly does not include significant data from either China or that help our customers understand, optimize, automate, and manage built a new foundation had an impact on the global share of specific India, but the data represents a portion of Sandvine’s subscriber quality of experience (QoE). Our objective is to provide for the report with more traffic types, but the data is speaking pretty 2.5B subscribers installed base, a statistically the best vendor-agnostic granularity, accuracy, and automated exploration of traffic clearly on the trends, and it is impossible to significant segment of the internet population. -
Machine Learning for Identifying Botnet Network Traffic
Aalborg Universitet Machine learning for identifying botnet network traffic Stevanovic, Matija; Pedersen, Jens Myrup Publication date: 2013 Document Version Accepted author manuscript, peer reviewed version Link to publication from Aalborg University Citation for published version (APA): Stevanovic, M., & Pedersen, J. M. (2013). Machine learning for identifying botnet network traffic. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. ? Users may download and print one copy of any publication from the public portal for the purpose of private study or research. ? You may not further distribute the material or use it for any profit-making activity or commercial gain ? You may freely distribute the URL identifying the publication in the public portal ? Take down policy If you believe that this document breaches copyright please contact us at [email protected] providing details, and we will remove access to the work immediately and investigate your claim. Downloaded from vbn.aau.dk on: September 23, 2021 Machine learning for identifying botnet network traffic (Technical report) Matija Stevanovic and Jens Myrup Pedersen Networking and Security Section, Department of Electronic Systems Aalborg University, DK-9220 Aalborg East, Denmark Email: {mst, jens}@es.aau.dk Abstract—During the last decade, a great scientific effort ment, improving it’s mechanisms of propagation, malicious has been invested in the development of methods that could activity, and resilience to take-down efforts. -
Peer-To-Peer Networks – Protocols, Cooperation and Competition
Peer-to-Peer Networks – Protocols, Cooperation and Competition Hyunggon Park Signal Processing Laboratory (LTS4), Institute of Electrical Engineering, Swiss Federal Institute of Technology (EPFL), Lausanne, Switzerland Rafit Izhak Ratzin Computer Science Department, University of California, Los Angeles (UCLA), Los Angeles, USA Mihaela van der Schaar Multimedia Communications and Systems Laboratory, Electrical Engineering Department, University of California, Los Angeles (UCLA), Los Angeles, USA 1. INTRODUCTION Peer-to-peer (P2P) networks connect many end-hosts (also referred to as peers) in an ad-hoc manner. P2P networks have been typically used for file sharing applications, which enable peers to share digitized content such as general documents, audio, video, electronic books, etc. Recently, more advanced applications such as real-time conferences, online gaming, and media streaming have also been deployed over such networks. Unlike traditional client-server networks, where servers only provide content, and clients only consume content, in P2P networks, each peer is both a client and a server. It has been observed that P2P file sharing applications dominate Internet traffic usage. In fact, a wide range of measurements, which were performed in 8 different geographic regions during the years of 2008-2009, show that P2P networks generated most of the traffic in all monitored regions, ranging from 43% in Northern Africa to 70% in Eastern Europe (http://www.ipoque.com/). The same study also identified that BitTorrent (Cohen, 2003) is the most popular protocol on the Internet, generating most of the traffic in 7 out of 8 regions ranging from 32% in South Africa to 57% in Eastern Europe. The details of the BitTorrent protocol will be discussed in Section 3. -
FDPHI: Fast Deep Packet Header Inspection for Data Traffic Classification and Management
Received: March 19, 2021. Revised: May 13, 2021. 373 FDPHI: Fast Deep Packet Header Inspection for Data Traffic Classification and Management Nahlah Abdulrahman Alkhalidi1* Fouad A. Yaseen2* 1College of Science, Computer Science Department, University of Baghdad, Iraq 2University of Baghdad, Computer Center, Iraq * Corresponding author’s Email: [email protected] Abstract: Traffic classification is referred to as the task of categorizing traffic flows into application-aware classes such as chats, streaming, VoIP, etc. Most systems of network traffic identification are based on features. These features may be static signatures, port numbers, statistical characteristics, and so on. Current methods of data flow classification are effective, they still lack new inventive approaches to meet the needs of vital points such as real-time traffic classification, low power consumption, ), Central Processing Unit (CPU) utilization, etc. Our novel Fast Deep Packet Header Inspection (FDPHI) traffic classification proposal employs 1 Dimension Convolution Neural Network (1D-CNN) to automatically learn more representational characteristics of traffic flow types; by considering only the position of the selected bits from the packet header. The proposal a learning approach based on deep packet inspection which integrates both feature extraction and classification phases into one system. The results show that the FDPHI works very well on the applications of feature learning. Also, it presents powerful adequate traffic classification results in terms of energy consumption (70% less power CPU utilization around 48% less), and processing time (310% for IPv4 and 595% for IPv6). Keywords: Traffic classification, Packet header inspection, Neural network, Computer network. control, could be carried out on the traffic classes [3]. -
Bittorrent Network Traffic Forecasting with Arma
International Journal of Computer Networks & Communications (IJCNC) Vol.4, No.4, July 2012 BIT TORRENT NETWORK TRAFFIC FORECASTING WITH ARMA Poo KuanHoong, Ian K.T. Tan and CheeYikKeong Faculty of Computing and Informatics, Multimedia University, Persiaran Multimedia, Cyberjaya, 63100, Selangor D.E., Malaysia [email protected], [email protected], [email protected] ABSTRACT In recent years, there are some major changes in the way content is being distributed over the network. The content distribution techniques have recently started to embrace peer-to-peer (P2P) systems as an alternative to the traditional client-server architecture. P2P systemsthat are based on the BitTorrent protocol uses end-users’ resources to provide a cost effective distribution of bandwidth intensive content to thousands of users. The BitTorrent protocol system offers a scalable mechanism for distributing a large volume of data to a set of peers over the Internet. With the growing demand for file sharing and content distribution, BitTorrent has become one of the most popular Internet applications and contributes to a signification fraction of the Internet traffic. With the wide usage of the BitTorrent protocol system, it has basically solved one of the major problems where data can be quickly transferred to a group of interested parties. The strength of the BitTorrent protocol lies in efficient bandwidth utilization for the downloading and uploading processes. However, the usage of BitTorrent protocol also causes latency for other applications in terms of network bandwidth which in turn has caused concerns for the Internet Service Providers, who strives for quality of service for all their customers. -
Locating Political Power in Internet Infrastructure by Ashwin Jacob
Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Information in the Graduate Division of the University of California, Berkeley Committee in charge: Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair Professor Paul Duguid Professor Peter Evans Fall 2014 Where in the World is the Internet? Locating Political Power in Internet Infrastructure Copyright 2014 by Ashwin Jacob Mathew This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.1 1The license text is available at http://creativecommons.org/licenses/by-nc-sa/4.0/. 1 Abstract Where in the World is the Internet? Locating Political Power in Internet Infrastructure by Ashwin Jacob Mathew Doctor of Philosophy in Information University of California, Berkeley Professor John Chuang, Co-chair Professor Coye Cheshire, Co-chair With the rise of global telecommunications networks, and especially with the worldwide spread of the Internet, the world is considered to be becoming an information society: a society in which social relations are patterned by information, transcending time and space through the use of new information and communications technologies. Much of the popular press and academic literature on the information society focuses on the dichotomy between the technologically-enabled virtual space of information, and the physical space of the ma- terial world. However, to understand the nature of virtual space, and of the information society, it is critical to understand the politics of the technological infrastructure through which they are constructed. -
Misusing Bittorrent to Launch Ddos Attacks
BotTorrent: Misusing BitTorrent to Launch DDoS Attacks Karim El Defrawy∗, Minas Gjoka and Athina Markopoulou University of California, Irvine {keldefra, mgjoka, athina}@uci.edu Abstract attacks by hijacking peer-to-peer (P2P) systems. These sys- tems recently became very popular for distributing content BitTorrent is currently one of the most popular peer-to-peer to a large number of users. Given the already large popula- systems. BitTorrent clients are widely spread all over the tion of P2P clients (some claim that P2P traffic constitutes world and account for a large fraction of today’s Internet up to 60% of Internet traffic [5]) even a small amount of traffic. In this paper, we show that BitTorrent can be ex- traffic or connections per user leads to an aggregate that can ploited by misdirecting clients to send their traffic toward flood any victim. This type of attack can be quite powerful any host on the Internet. The volume of a BitTorrent swarm as it does not require any special infection process or special can thus be converted into firepower for launching a dis- software to be installed and is very hard to trace. tributed denial-of-service attack that can exhaust the vic- To the best of our knowledge, this is the first extensive tim’s resources, including access bandwidth and connection study of BitTorrent-based [7] DDoS attacks against any vic- resources. We identify novel exploits of the BitTorrent sys- tim host (i.e. the victim does not have to participate in the tem and conduct real-life experiments that demonstrate the BitTorrent swarm).