[Nrg-l] PhD Proposal: Anukool Lakhina, Friday 9/16 10am MCS 135

Mark Crovella crovella at cs.bu.edu
Wed Sep 14 13:15:27 EDT 2005

Network-Wide Traffic Analysis: Methods and Applications 
Anukool Lakhina 
Ph.D Proposal Defense
Friday 9/16, 10am
MCS 135

Much of the work in network traffic analysis so far has focussed on
studying traffic volume (# bytes, # packets) on a single link in
isolation.  However, a wide range of problems faced by network operators
require analyzing multi-feature traffic (volume and packet
headers) and on multiple links simultaneously.  Examples of such
problems include traffic engineering, traffic matrix estimation, anomaly
detection, attack detection, and capacity planning.

Unfortunately, network-wide traffic analysis -- studying the traffic on
all links simultaneously -- is difficult, exemplified by the fact that
modeling traffic on a single link is itself a complex task, and an
active area of research.  Even a moderate-sized network may carry
hundreds of traffic flows; the resulting set of traffic timeseries has
hundreds of dimensions.  Thus the central problem one confronts in
network-wide traffic analysis is the so-called "curse of

A general strategy when confronted with such a high dimensional
structure is to seek accurate low-dimensional approximations that
preserve its important properties.  Following this strategy, I will show
that despite their apparent high dimensionality, the ensemble of traffic
flows in fact can be described accurately with a handful of dimensions.

I will then show how this result can be applied to various problems,
focussing particularly on problems related to diagnosing unusual events
in network-wide traffic.  I will describe how to use subspace methods to
exploit the low dimensionality of multi-feature traffic flows in order
to capture typical network-wide behavior, and to expose anomalous events
that span a network.  When applied on actual traffic data, these methods
can detect and classify a myriad of unusual events, including DoS
attacks, flash crowds, port scans, worms, downstream traffic
engineering, and network outage.  Thus, dimensional analysis and
subspace methods show considerable promise, and are worth investigating.

I will conclude my talk with a proposed timeline and outline of my

More information about the Nrg-l mailing list