TAMU
rtds

Real Time Distributed Systems Lab


Shared Congestion Detection

Modern P2P networking applications are highly adaptive and covert. Extensive use of encryption, UDP-TCP protocol swapping, and randomized port assignments on relay nodes makes it difficult to detect, monitor, or profile these networks. The objective of shared congestion detection is to identify packet flows belonging to an unknown network through correlation analysis of the time delays of probing streams.

Shared congestion can be viewed as an anomaly whose correlation value is larger than a threshold. The first major issue is how to detect correlated flows responsively with minimal false alarms. The other issue is the minimum number of samples needed to detect shared congestion reliably. Fig 1.1 illustrates two TCP flows whose shared congestion occurs in the interval between 35 and 65 seconds. Fig 1.2 is the detection outcome of a wavelet-based detector, which did catch the shared congestion but with significant false detections. Fig 1.3 is the detection outcome of the CUSUM detector, which does not identify the interval precisely.

Fig 1.4 is the detection outcome of an SMC-CUSUM detector, which integrates a sliding mode controller with a CUSUM detector. The following figures (2.1 to 2.4) show the detection outcomes in the presence of UDP flows.
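
The plain CUSUM stage described above can be sketched as follows. This is an added example, not the lab's code: it correlates the delays of two probe streams over a sliding window and accumulates the excess of that correlation over a reference value. The window length, reference, threshold and the delay series are constructed assumptions, and the sliding mode controller of the SMC-CUSUM design is not modeled.

```python
import math

def pearson(xs, ys):
    """Pearson correlation of two equal-length delay windows (0.0 if either is flat)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx > 0 and syy > 0 else 0.0

def windowed_correlation(delays_a, delays_b, window):
    """Map sample index t to the correlation over samples t-window+1 .. t."""
    return {t: pearson(delays_a[t - window + 1:t + 1], delays_b[t - window + 1:t + 1])
            for t in range(window - 1, len(delays_a))}

def cusum_alarms(corr, reference, threshold):
    """One-sided CUSUM: g = max(0, g + r - reference); alarm while g > threshold."""
    g, alarms = 0.0, []
    for t in sorted(corr):
        g = max(0.0, g + corr[t] - reference)
        if g > threshold:
            alarms.append(t)
    return alarms

def constructed_delays(n=100, start=35, end=65):
    """Constructed probe delays (ms), one sample per second.

    Each flow has its own +/-1 ms jitter (uncorrelated over any 8 samples);
    a common queueing delay is added to both flows only in [start, end).
    """
    a, b = [], []
    for t in range(n):
        shared = (10 if (t // 4) % 2 == 0 else 2) if start <= t < end else 0
        a.append(20 + (1 if t % 2 == 0 else -1) + shared)
        b.append(20 + (1 if (t // 2) % 2 == 0 else -1) + shared)
    return a, b

WINDOW, REFERENCE, THRESHOLD = 8, 0.8, 0.5  # assumed tuning values, not from the page

def detect():
    """Run the detector on the constructed flows; return (correlations, alarm times)."""
    a, b = constructed_delays()
    corr = windowed_correlation(a, b, WINDOW)
    return corr, cusum_alarms(corr, REFERENCE, THRESHOLD)

if __name__ == "__main__":
    corr, alarms = detect()
    print("alarm raised from t=%d s to t=%d s" % (alarms[0], alarms[-1]))
```

On this constructed input the alarm starts a few seconds after the onset at 35 s and clears only after 65 s has passed, the kind of imprecise interval the text attributes to the plain CUSUM detector.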

Fig 1.1

Fig 1.2

Fig 1.3

Fig 1.4

Fig 2.1

Fig 2.2

Fig 2.3

Fig 2.4