[Nrg-l] NOW: Thesis Proposal Defense: Nahur Fonseca, 11am 9/12

Crovella, Mark E crovella at cs.bu.edu
Fri Sep 12 10:59:02 EDT 2008


> -----Original Message-----
> From: Crovella, Mark E 
> Sent: Wednesday, September 10, 2008 1:57 PM
> To: 'colloq-l at cs.bu.edu'; 'cs-staff at cs.bu.edu'
> Cc: 'nrg-l at cs.bu.edu'; Kave Salamatian
> Subject: Thesis Proposal Defense: Nahur Fonseca, 11am 9/12
> Thesis Proposal Defense
> Friday, September 12
> 11 am
> MCS 135
> Stochastic Modeling Applied to Detection Problems in Network 
> Protocols and Traffic
> Nahur Fonseca
> In this thesis we propose to study two detection problems.  
> We build a Bayesian detector of packet loss for TCP, and we 
> develop a modeling method and an anomaly detector based on 
> Sanov's theorem applied to network traffic.
> In this talk I will focus on the latter contribution, and 
> describe the progress to date and expected content of my thesis.
> In a most fundamental way, network traffic can be viewed as a 
> sequence of packets flowing through a link.
> By focusing on specific packet headers, e.g. destination IP 
> address, each packet can be treated simply as a symbol. In 
> this talk I will pursue a view traffic as the sequence of 
> symbols and characterize some of its statistical properties.
> Using an information-theoretic framework, we characterize the 
> memory structure of such sequences. In particular we identify 
> a new phenomenon in network traffic called Long Range Mutual 
> Information (LRMI). LRMI implies that symbols physically far 
> from each other in a sequence have non-negligible dependence. 
> We analyze a simplified model of traffic to point the 
> underlying causes of LRMI and to provide insights about why 
> it is hard to measure LRMI directly. Then we develop a simple 
> technique to detect the presence of LRMI in a network trace. 
> One of the consequences of LRMI is that the distribution of 
> symbols in a sequence deviates considerably from an 
> independence assumption. Therefore we hope that the 
> characterization of network traffic as symbol sequences will 
> open doors to new applications. In particular in the final 
> part of the thesis we will investigate an anomaly detection 
> method based on Sanov's theorem that incorporate our findings 
> about LRMI.
> Committee:
> Mark Crovella (Major Advisor)
> Kave Salamatian (Second Reader)
> Azer Bestavros (Third Reader)
> Abraham Matta

More information about the Nrg-l mailing list