Likelihood-based inference for modelling packet transit from thinned flow summaries

08/31/2020
by   Prosha A. Rahman, et al.
0

The substantial growth of network traffic speed and volume presents practical challenges to network data analysis. Packet thinning and flow aggregation protocols such as NetFlow reduce the size of datasets by providing structured data summaries, but conversely this impedes statistical inference. Methods which aim to model patterns of traffic propagation typically do not account for the packet thinning and summarisation process into the analysis, and are often simplistic, e.g. method-of-moments. As a result, they can be of limited practical use. We introduce a likelihood-based analysis which fully incorporates packet thinning and NetFlow summarisation into the analysis. As a result, inferences can be made for models on the level of individual packets while only observing thinned flow summary information. We establish consistency of the resulting maximum likelihood estimator, derive bounds on the volume of traffic which should be observed to achieve required levels of estimator accuracy, and identify an ideal family of models. The robust performance of the estimator is examined through simulated analyses and an application on a publicly available trace dataset containing over 36m packets over a 1 minute period.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/24/2021

Zeroing in on Port 0 Traffic in the Wild

Internet services leverage transport protocol port numbers to specify th...
research
09/13/2022

Hypersparse Network Flow Analysis of Packets with GraphBLAS

Internet analysis is a major challenge due to the volume and rate of net...
research
09/11/2018

New models for symbolic data analysis

Symbolic data analysis (SDA) is an emerging area of statistics based on ...
research
06/03/2022

Traffic Count Data Analysis Using Mixtures of Kato–Jones Distributions on the Circle

We discuss the modelling of traffic count data that show the variation o...
research
07/25/2023

Network Traffic Classification based on Single Flow Time Series Analysis

Network traffic monitoring using IP flows is used to handle the current ...
research
03/11/2020

New stochastic highway capacity estimation method and why product limit method is unsuitable

Kaplan-Meier estimate, commonly known as product limit method (PLM), and...
research
01/19/2021

Modelling Downlink Packet Aggregation in Paced 802.11ac WLANs

We derive an analytic model of packet aggregation on the the downlink of...

Please sign up or login with your details

Forgot password? Click here to reset