[Nrg-l] Thesis Proposal Defense: Nahur Fonseca, 11am 9/12

Crovella, Mark E crovella at cs.bu.edu
Wed Sep 10 13:56:49 EDT 2008

Thesis Proposal Defense
Friday, September 12
11 am
MCS 135

Stochastic Modeling Applied to Detection Problems in Network Protocols
and Traffic

Nahur Fonseca

In this thesis we propose to study two detection problems.  We build a
Bayesian detector of packet loss for TCP, and we develop a modeling
method and an anomaly detector based on Sanov's theorem applied to
network traffic.

In this talk I will focus on the latter contribution, and describe the
progress to date and expected content of my thesis.

In a most fundamental way, network traffic can be viewed as a sequence
of packets flowing through a link.
By focusing on specific packet headers, e.g. destination IP address,
each packet can be treated simply as a symbol. In this talk I will
pursue a view traffic as the sequence of symbols and characterize some
of its statistical properties.

Using an information-theoretic framework, we characterize the memory
structure of such sequences. In particular we identify a new phenomenon
in network traffic called Long Range Mutual Information (LRMI). LRMI
implies that symbols physically far from each other in a sequence have
non-negligible dependence. We analyze a simplified model of traffic to
point the underlying causes of LRMI and to provide insights about why it
is hard to measure LRMI directly. Then we develop a simple technique to
detect the presence of LRMI in a network trace. One of the consequences
of LRMI is that the distribution of symbols in a sequence deviates
considerably from an independence assumption. Therefore we hope that the
characterization of network traffic as symbol sequences will open doors
to new applications. In particular in the final part of the thesis we
will investigate an anomaly detection method based on Sanov's theorem
that incorporate our findings about LRMI.

Mark Crovella (Major Advisor)
Kave Salamatian (Second Reader)
Azer Bestavros (Third Reader)
Abraham Matta

More information about the Nrg-l mailing list