Abstract
Majority of traffic analysis tools today are based on NetFlow technology including its more recent successor, IPFIX protocol. Even with the flexibility of IPFIX in mind, processing traffic in realtime is still difficult. Given the urgent need for lightweight methods in the area, this paper is crossing inter-disciplinary borders to find a solution. Specifically, this paper looks into a possibility of applying video compression to 2D visualization of traffic in search for anomalies. The proposed method is applied to detection of Flash Crowds in traffic and is found successful when compared to other methods.
Similar content being viewed by others
References
Abrahao, B., & Kleinberg, R. (2008). On the Internet delay space dimensionality. In Proc. of 8th ACM SIGCOMM conference on Internet measurement (pp. 157–168).
Baccelli, F., Machiraju, S., Veitch, D., & Bolot, J. (2009). The role of PASTA in network measurement. In: Proc. of IEEE/ACM Transactions on Networking, vol. 17(4), pp. 1340–1353.
Choi, B., & Zhang, Z. (2006). Adaptive random sampling for traffic volume measurement. Telecommunications Systems, 34, 71–80.
Jung, J., Krishnamurthy, B., & Rabinovich, M. (2002). Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In Proc. of WWW conference, Hawaii, USA (pp. 532–569).
Lakhina, A., Crovella, M., & Diot, C. (2004). Characterization of network-wide anomalies in traffic flows. In Proc. of Internet measurement conference, Italy (pp. 201–206).
Lakhina, A., Crovella, M., & Diot, C. (2004). Diagnosing network-wide traffic anomalies. In Proc. of ACM SIGCOMM computer communication review (Vol. 34(4), pp. 219–230).
Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. J., & Lear, E. (1918). Address allocation for private Internets. RFC 1918.
Rocha, E., Salvador, P., & Nogueira, A. (2010). Can multiscale traffic analysis be used to differentiate Internet applications? Telecommunications Systems, 48, 19–30.
Soule, A., Salamatian, K., & Taft, N. (2005). Combining filtering and statistical methods for anomaly detection. In Proc. of Internet measurement conference (IMC) (pp. 331–344).
Susitaival, R., Juva, I., Peuhkuri, M., & Aalto, S. (2006). Characteristics of origin-destination pair traffic in Funet. Telecommunications Systems, 33, 67–88.
Wamser, F., Pries, R., Staehle, D., Heck, K., & Tran-Gia, P. (2010). Traffic characterization of a residential wireless Internet access. Telecommunications Systems, 48, 5–17.
Zadnik, M., Pecenka, T., & Korenek, J. (2005). NetFlow probe intended for high-speed networks. In Proc. of international conference on field programmable logic and applications (pp. 695–698).
Zhanikeev, M., & Tanaka, Y. (2009). Lightweight traffic monitoring and analysis using video compression techniques. In Lecture notes in computer science: Vol. 5787. Proc. of managements enabling the future Internet for changing business and new computing services (pp. 92–101). Berlin: Springer.
IPv4 address report. Available at. http://www.potaroo.net/tools/ipv4/.
IPv4 WHOIS Map. Available at: http://www.caida.org/research/id-consumption/whois-map/.
MAWI working group traffic archive. Available at: http://tracer.csl.sony.co.jp/mawi/.
The R project for statistical computing. Available at: http://www.r-project.org.
FFmpeg Homepage. Available at: http://ffmpeg.org/.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Zhanikeev, M., Tanaka, Y. A graphical method for detection of Flash Crowds in traffic. Telecommun Syst 57, 91–105 (2014). https://doi.org/10.1007/s11235-013-9768-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11235-013-9768-0