Inferring original traffic pattern from sampled flow statistics

Tatsuya Mori; Ryoich Kawahara; Noriaki Kamiyama; Shigeaki Harada

doi:10.1109/SAINT-W.2007.51

Inferring original traffic pattern from sampled flow statistics

Tatsuya Mori^*, Ryoich Kawahara, Noriaki Kamiyama, Shigeaki Harada

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Packet sampling has become a practical and indispensable means to measure flow statistics. Recent studies have demonstrated that analyzing traffic patterns is crucial in detecting network anomalies. We may not be able to infer the original traffic patterns correctly from the sampled flow statistics because sampling process wipes out a lot of information about small flows, which play a vital role in determining the characteristics of traffic patterns. In this paper, we first show an example of how the sampling process wipes out the original statistics using measured data. Then, we show empirical examples indicating that the original traffic pattern cannot be inferred correctly even if we use a statistical inference method for incomplete data, i.e., the EM algorithm, for sampled flow statistics. Finally, we show that additional information about the original flow statistics, the number of unsampled flows, is helpful in tracking the change in original traffic patterns using sampled flow statistics.

Original language	English
Title of host publication	2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
DOIs	https://doi.org/10.1109/SAINT-W.2007.51
Publication status	Published - 2007 Dec 1
Externally published	Yes
Event	2007 International Symposium on Applications and the Internet - Workshops, SAINT-W - Hiroshima, Japan Duration: 2007 Jan 15 → 2007 Jan 19

Publication series

Name	SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

Conference

Conference	2007 International Symposium on Applications and the Internet - Workshops, SAINT-W
Country/Territory	Japan
City	Hiroshima
Period	07/1/15 → 07/1/19

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Software

Access to Document

10.1109/SAINT-W.2007.51

Cite this

Inferring original traffic pattern from sampled flow statistics. / Mori, Tatsuya; Kawahara, Ryoich; Kamiyama, Noriaki et al.

2007 International Symposium on Applications and the Internet - Workshops, SAINT-W. 2007. 4090156 (SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Mori, T, Kawahara, R, Kamiyama, N & Harada, S 2007, Inferring original traffic pattern from sampled flow statistics. in 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W., 4090156, SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W, 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W, Hiroshima, Japan, 07/1/15. https://doi.org/10.1109/SAINT-W.2007.51

@inproceedings{da321494d0e148d1b613a9c9dc83825a,

title = "Inferring original traffic pattern from sampled flow statistics",

abstract = "Packet sampling has become a practical and indispensable means to measure flow statistics. Recent studies have demonstrated that analyzing traffic patterns is crucial in detecting network anomalies. We may not be able to infer the original traffic patterns correctly from the sampled flow statistics because sampling process wipes out a lot of information about small flows, which play a vital role in determining the characteristics of traffic patterns. In this paper, we first show an example of how the sampling process wipes out the original statistics using measured data. Then, we show empirical examples indicating that the original traffic pattern cannot be inferred correctly even if we use a statistical inference method for incomplete data, i.e., the EM algorithm, for sampled flow statistics. Finally, we show that additional information about the original flow statistics, the number of unsampled flows, is helpful in tracking the change in original traffic patterns using sampled flow statistics.",

author = "Tatsuya Mori and Ryoich Kawahara and Noriaki Kamiyama and Shigeaki Harada",

year = "2007",

month = dec,

day = "1",

doi = "10.1109/SAINT-W.2007.51",

language = "English",

isbn = "0769527574",

series = "SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W",

booktitle = "2007 International Symposium on Applications and the Internet - Workshops, SAINT-W",

note = "2007 International Symposium on Applications and the Internet - Workshops, SAINT-W ; Conference date: 15-01-2007 Through 19-01-2007",

}

TY - GEN

T1 - Inferring original traffic pattern from sampled flow statistics

AU - Mori, Tatsuya

AU - Kawahara, Ryoich

AU - Kamiyama, Noriaki

AU - Harada, Shigeaki

PY - 2007/12/1

Y1 - 2007/12/1

N2 - Packet sampling has become a practical and indispensable means to measure flow statistics. Recent studies have demonstrated that analyzing traffic patterns is crucial in detecting network anomalies. We may not be able to infer the original traffic patterns correctly from the sampled flow statistics because sampling process wipes out a lot of information about small flows, which play a vital role in determining the characteristics of traffic patterns. In this paper, we first show an example of how the sampling process wipes out the original statistics using measured data. Then, we show empirical examples indicating that the original traffic pattern cannot be inferred correctly even if we use a statistical inference method for incomplete data, i.e., the EM algorithm, for sampled flow statistics. Finally, we show that additional information about the original flow statistics, the number of unsampled flows, is helpful in tracking the change in original traffic patterns using sampled flow statistics.

AB - Packet sampling has become a practical and indispensable means to measure flow statistics. Recent studies have demonstrated that analyzing traffic patterns is crucial in detecting network anomalies. We may not be able to infer the original traffic patterns correctly from the sampled flow statistics because sampling process wipes out a lot of information about small flows, which play a vital role in determining the characteristics of traffic patterns. In this paper, we first show an example of how the sampling process wipes out the original statistics using measured data. Then, we show empirical examples indicating that the original traffic pattern cannot be inferred correctly even if we use a statistical inference method for incomplete data, i.e., the EM algorithm, for sampled flow statistics. Finally, we show that additional information about the original flow statistics, the number of unsampled flows, is helpful in tracking the change in original traffic patterns using sampled flow statistics.

UR - http://www.scopus.com/inward/record.url?scp=46349099953&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=46349099953&partnerID=8YFLogxK

U2 - 10.1109/SAINT-W.2007.51

DO - 10.1109/SAINT-W.2007.51

M3 - Conference contribution

AN - SCOPUS:46349099953

SN - 0769527574

SN - 9780769527574

T3 - SAINT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

BT - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

T2 - 2007 International Symposium on Applications and the Internet - Workshops, SAINT-W

Y2 - 15 January 2007 through 19 January 2007

ER -

Inferring original traffic pattern from sampled flow statistics

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this