Abstract
Information about the network protocols used by the background traffic can be important to the foreground traffic. Whether that knowledge is exploited via optimization through protocol selection (OPS) or through other forms of parameter tuning, a machine-learned classifier is one tool to identifying background traffic protocols. Unfortunately, global knowledge can be difficult to obtain in a dynamic distributed system like a shared, wide-area network (WAN).
Previous techniques for protocol identification have focused on passive or end-point signals for classification. For example, end-to-end round trip time (RTT) can, especially when gathered as a time series, reveal a lot about what is happening on the network. Other related signals, such as bandwidth, and the number of retransmissions can also be used for protocol classification. However, as noted, these signals are typically gathered by passive means, which may limit their usefulness.
We introduce and provide a proof-of-concept of active probing, which is the systematic and deliberate perturbation of traffic on a network for the purpose of gathering information. The time-series data generated by active probing improves our machine-learned classifiers because different network protocols react differently to the probing. Whereas passive probing might be limiting the time series observations to a period of steady state (e.g., saturated network), active probing forces the system out of that steady state. We show that active probing improves on prior work (with passive probing of RTT) by between 7% to 16% in additional accuracy (depending on the window size), and reaching 90% averages in precision, recall, and F1-scores.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
While BBR version 2 has been under development, at the time of writing this paper, BBR version 1 is still the only stable version publicly available; hence the one used in this study for all the experiments and evaluations.
- 2.
- 3.
In this paper we only present results conducted on the 1Â Gb/s network.
References
Afanasyev, A., Tilley, N., Reiher, P., Kleinrock, L.: Host-to-host congestion control for TCP. IEEE Commun. Surv. Tutor. 12(3), 304–342 (2010). https://doi.org/10.1109/SURV.2010.042710.00114
Anvari, H., Lu, P.: Large transfers for data analytics on shared wide-area networks. In: Proceedings of the ACM International Conference on Computing Frontiers, CF 2016, pp. 418–423. ACM, New York (2016). https://doi.org/10.1145/2903150.2911718
Anvari, H., Huard, J., Lu, P.: Machine-learned classifiers for protocol selection on a shared network. In: Renault, É., Mühlethaler, P., Boumerdassi, S. (eds.) MLN 2018. LNCS, vol. 11407, pp. 98–116. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-19945-6_7
Anvari, H., Lu, P.: The impact of large-data transfers in shared wide-area networks: an empirical study. Procedia Comput. Sci. 108, 1702–1711 (2017). International Conference on Computational Science, ICCS 2017, 12–14 June 2017, Zurich, Switzerland. https://doi.org/10.1016/j.procs.2017.05.211. http://www.sciencedirect.com/science/article/pii/S1877050917308049
Anvari, H., Lu, P.: Learning mixed traffic signatures in shared networks. In: Krzhizhanovskaya, W., et al. (eds.) ICCS 2020. LNCS, vol. 12137, pp. 524–537. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-50371-0_39
Carbone, M., Rizzo, L.: Dummynet revisited. SIGCOMM Comput. Commun. Rev. 40(2), 12–20 (2010). https://doi.org/10.1145/1764873.1764876
Cardwell, N., Cheng, Y., Gunn, C.S., Yeganeh, S.H., Jacobson, V.: BBR: congestion-based congestion control. Queue 14(5), 50:20–50:53 (2016). https://doi.org/10.1145/3012426.3022184
Dong, M., Li, Q., Zarchy, D., Godfrey, P.B., Schapira, M.: PCC: re-architecting congestion control for consistent high performance. In: 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2015), pp. 395–408. USENIX Association, Oakland (2015). https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/dong
Dong, M., et al.: PCC Vivace: online-learning congestion control. In: 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2018), pp. 343–356. USENIX Association, Renton (2018). https://www.usenix.org/conference/nsdi18/presentation/dong
Guok, C., Robertson, D., Thompson, M., Lee, J., Tierney, B., Johnston, W.: Intra and interdomain circuit provisioning using the OSCARS reservation system. In: 2006 3rd International Conference on Broadband Communications, Networks and Systems, BROADNETS 2006, pp. 1–8, October 2006. https://doi.org/10.1109/BROADNETS.2006.4374316
Ha, S., Rhee, I., Xu, L.: CUBIC: a new TCP-friendly high-speed TCP variant. SIGOPS Oper. Syst. Rev. 42(5), 64–74 (2008). https://doi.org/10.1145/1400097.1400105
Hock, M., Bless, R., Zitterbart, M.: Experimental evaluation of BBR congestion control. In: 2017 IEEE 25th International Conference on Network Protocols (ICNP), pp. 1–10 (2017). https://doi.org/10.1109/ICNP.2017.8117540
Hong, C., et al.: Achieving high utilization with software-driven WAN. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 15–26. ACM, New York (2013). https://doi.org/10.1145/2486001.2486012
Jain, R., Chiu, D.M., Hawe, W.R.: A quantitative measure of fairness and discrimination for resource allocation in shared computer system, vol. 38. Eastern Research Laboratory, Digital Equipment Corporation Hudson, MA (1984)
Jain, S., et al.: B4: experience with a globally-deployed software defined WAN. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 3–14. ACM, New York (2013). https://doi.org/10.1145/2486001.2486019
Jiang, H., Dovrolis, C.: Why is the internet traffic bursty in short time scales? In: Proceedings of the 2005 ACM SIGMETRICS International Conference on Measurement and Modeling of Computer Systems, SIGMETRICS 2005, pp. 241–252. ACM, New York (2005). https://doi.org/10.1145/1064212.1064240
Kozu, T., Akiyama, Y., Yamaguchi, S.: Improving RTT fairness on cubic TCP. In: 2013 First International Symposium on Computing and Networking, pp. 162–167, December 2013. https://doi.org/10.1109/CANDAR.2013.30
Liu, H.H., et al.: Efficiently delivering online services over integrated infrastructure. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2016), pp. 77–90. USENIX Association, Santa Clara (2016). https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/liu
Ma, S., Jiang, J., Wang, W., Li, B.: Towards RTT fairness of congestion-based congestion control. CoRR abs/1706.09115 (2017). http://arxiv.org/abs/1706.09115
Meng, T., Schiff, N.R., Godfrey, P.B., Schapira, M.: PCC proteus: scavenger transport and beyond. In: Proceedings of the Annual Conference of the ACM Special Interest Group on Data Communication on the Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 2020, pp. 615–631. Association for Computing Machinery, New York (2020). https://doi.org/10.1145/3387514.3405891
Mirza, M., Sommers, J., Barford, P., Zhu, X.: A machine learning approach to TCP throughput prediction. IEEE/ACM Trans. Netw. 18(4), 1026–1039 (2010). https://doi.org/10.1109/TNET.2009.2037812
Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
Vishwanath, K.V., Vahdat, A.: Evaluating distributed systems: does background traffic matter? In: USENIX 2008 Annual Technical Conference, ATC 2008, pp. 227–240. USENIX Association, Berkeley (2008). http://dl.acm.org/citation.cfm?id=1404014.1404031
Winstein, K., Balakrishnan, H.: TCP ex Machina: computer-generated congestion control. In: Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM, SIGCOMM 2013, pp. 123–134. ACM, New York (2013). https://doi.org/10.1145/2486001.2486020
Yin, Q., Kaur, J.: Can machine learning benefit bandwidth estimation at ultra-high speeds? In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 397–411. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30505-9_30
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Anvari, H., Lu, P. (2021). Active Probing for Improved Machine-Learned Recognition of Network Traffic. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds) Machine Learning for Networking. MLN 2020. Lecture Notes in Computer Science(), vol 12629. Springer, Cham. https://doi.org/10.1007/978-3-030-70866-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-70866-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-70865-8
Online ISBN: 978-3-030-70866-5
eBook Packages: Computer ScienceComputer Science (R0)