Empirical Analysis of Traffic to Establish a Flow Termination Time-out
The inspection of the contents of packets flowing on the Internet, also called Deep Packet Inspection (DPI), is the main technology used for traffic classification and for searching for anomalies, due to its reliability and accuracy. In recent years, the evolution of the Internet has led to DPI, and several applications based on it, being deployed in many scenarios. The exponential increase in bandwidth on the Internet has made on-line DPI a highly demanding task. This technology has to handle large amounts of data in real time, which is a big challenge. To achieve this, the processes involved must be optimized. This implies not only efficient use of software but also exploiting the hardware elements. For that reason, both the scientific and private communities have become interested in recent years in optimizing this technology in several aspects (e.g. pattern searching or specific hardware architectures). Delving into that topic, it is important to consider memory usage, since memory is not an unlimited resource. To properly analyse the traffic, DPI uses several parameters which have to be stored while the connections or flows are alive. Thus, in order to improve this process, it is necessary to know the expected time-out for a flow to finish, so that its related information can be deleted from memory. To this end, this MSc Thesis performs an empirical analysis of real Internet traffic. In order to obtain representative results, two completely different traces have been analysed, one captured in the core of a big ISP network and the other in a mobile operator scenario, near the edge. This not only brings more reliability to the results, but also serves to characterize these two very different scenarios. From those samples, a broad set of parameters has been obtained.
Although many of them are not directly related to the final target, they provide a comprehensive characterization of real traffic behaviour. Results such as the proportion of traffic classified by groups, the RTT, the time between packets and the finalization statistics are presented and briefly analysed, yielding some interesting results. Although there are some studies covering specific issues presented here, this work is, to the knowledge of the author, unique in the field of profiling traffic by protocol groups. Based on these results, and as the main purpose of this work, a time-out study has been exhaustively elaborated, considering the transport protocol (i.e. TCP and UDP), by protocol group and globally for all the traffic. From those results it has been proven on a commercial DPI tool (Ipoque's PACE engine) that its standard global time-out can be reduced up to three times (it was initially set at 600 seconds) with almost no effect on the detection rate and effort, while reducing the memory requirements by 60%. This time-out can be even lower depending on the network characteristics. Moreover, the time-out for the subscriber information has also been evaluated. It is not as critical as the flow time-out, but it is also worthwhile and coherent to optimize this value in order to achieve better memory savings. Altogether, this has the benefit of allowing more flows and subscribers to be studied, or of requiring fewer memory blocks, which would imply power and cost savings. In addition, with the results obtained from this MSc Thesis, further work could be developed in several fields, such as network security or protocol design.