Kuai Xu,Lin Gu,Feng Wang

DOI: https://doi.org/10.1109/GLOCOM.2013.6831138

2013-01-01

Abstract:The explosive growth of Internet-connected consumer devices in the digital home has made home networks one of the important emerging topics in networking research. A rich body of research efforts have been made to study broadband performance and home network management, little is known about network traffic that are exchanged within home networks or between Internet-connected devices in home networks and end hosts on the Internet. In this paper we design and implement a built-in traffic monitoring system on programmable home routers to collect and analyze incoming, outgoing and internal traffic for residential home networks. To illustrate the applications of the proposed built-in traffic monitoring system, we deploy the system in two real home networks, and demonstrate its capabilities of detecting unwanted traffic towards home networks as well as those suspicious traffic originating from compromised devices in home networks. In addition, our correlation analysis on unwanted traffic towards distributed home networks reveals aggressive scanners on the Internet and sheds lights on traffic characteristics of these scanners.

Kuai Xu,Feng Wang,Michael Lee

DOI: https://doi.org/10.1109/CCNC.2012.6181041

2012-01-01

Abstract:The rapid growth of broadband connections and home networks has created new application opportunities such as video streaming and remote health care. However, managing and securing the increasingly complicated home networks has remained a serious challenge for most home users who have little technical expertise to manage their home networks and connected devices. Towards this end, we will demonstrate HomeTPS, a traffic profiling system for home networks that collects, analyzes and makes sense of home network traffic. The demonstration will show automatic traffic collection from programmable home routers, informative traffic summary reports and behavior profiles for Internet-capable home devices, and real-time discovery of anomalous traffic from Internet attackers or from compromised devices in home networks.

Jie Yang,Yang He,Ping Lin,Gang Cheng

DOI: https://doi.org/10.1109/icnidc.2009.5360979

2009-01-01

Abstract:The continuous growth in both commercial and public network traffic with various quality-of-service (QoS) requirements is calling for better service than the Internet's best effort mechanism. One of the challenging issues is to predict the overall behavior of aggregate network traffic. While network traffic characterization has been studied extensively due to its importance in network scheduling and throughput, an accurate characterization of network traffic still remains elusive.In this paper, in addition to characterizing the aggregate network traffic, we classify the traffic into different categories, e.g., P2P, VOIP, and provide insight to each of them in terms of their traffic pattern and impact to the overall traffic. Our study verifies that like many works reported in literature, majority Internet backbone traffic is contributed by a small portion of users. A major contribution of this paper is that we found a linear equation which could be used to approximate the impact of each User to the overall traffic. Many new applications appear recently and become more and more popular as Internet evolves. We show that in current Internet backbone of China, 9 applications, which can be classified into three categories, web browsing, P2P service, and gaming, contribute 95 percent of the total traffic. It is also demonstrated the P2P applications are the dominant traffic contributor among the three categories.

Yang Jie,He Yang,Lin Ping,Cheng Gang

2010-01-01

Abstract:With enormous growth of the number of Internet users and appearance of new applications, characterization of Internet traffic has attracted more and more attention and has become one of the major challenging issues in telecommunication network over the past few years. In this paper, we study the network traffic pattern of the aggregate traffic and of specific application traffic, especially the popular applications such as P2P, VoIP that contribute most network traffic. Our study verified that majority Internet backbone traffic is contributed by a small portion of users and a power function can be used to approximate the contribution of each user to the overall traffic. We show that P2P applications are the dominant traffic contributor in current Internet Backbone of China. In addition, we selectively present the traffic pattern of different applications in detail.

Yinxin Wan,Kuai Xu,Feng Wang,Guoliang Xue

DOI: https://doi.org/10.1109/tnse.2020.3026961

IF: 6.6

2021-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As connected Internet-of-things (IoT) devices in smart homes, smart cities, and smart industries continue to grow in size and complexity, managing and securing them in distributed edge networks have become daunting but crucial tasks. The recent spate of cyber attacks exploiting the vulnerabilities and insufficient security management of IoT devices have highlighted the urgency and challenges for securing billions of IoT devices and applications. As a first step towards understanding and mitigating diverse security threats of IoT devices, this paper develops an IoT traffic measurement framework on programmable and intelligent edge routers to automatically collect incoming, outgoing, and internal network traffic of IoT devices in edge networks, and to build multidimensional behavioral profiles which characterize who, when, what, and why on the behavioral patterns of IoT devices based on continuously collected traffic data. To the best of our knowledge, this paper is the first effort to shed light on the IP-spatial, temporal, entropy, and cloud service patterns of IoT devices in edge networks, and to explore these multidimensional behavioral fingerprints for IoT device classification, anomaly traffic detection, and network security monitoring for vulnerable and resource-constrained IoT devices on the Internet.

M. Hammad Mazhar,Zubair Shafiq

DOI: https://doi.org/10.1109/iotdi49375.2020.00027

2020-04-01

Abstract:As the smart home IoT ecosystem flourishes, it is imperative to gain a better understanding of the unique challenges it poses in terms of management, security, and privacy. Prior studies are limited because they examine smart home IoT devices in testbed environments or at a small scale. To address this gap, we present a measurement study of smart home IoT devices in the wild by instrumenting home gateways and passively collecting real-world network traffic logs from more than 200 homes across a large metropolitan area in the United States. We characterize smart home IoT traffic in terms of its volume, temporal patterns, and external endpoints along with focusing on certain security and privacy concerns. We first show that traffic characteristics reflect the functionality of smart home IoT devices such as smart TVs generating high volume traffic to content streaming services following diurnal patterns associated with human activity. While the smart home IoT ecosystem seems fragmented, our analysis reveals that it is mostly centralized due to its reliance on a few popular cloud and DNS services. Our findings also highlight several interesting security and privacy concerns in smart home IoT ecosystem such as the need to improve policy-based access control for IoT traffic, lack of use of application layer encryption, and prevalence of third-party advertising and tracking services. Our findings have important implications for future research on improving management, security, and privacy of the smart home IoT ecosystem.

Md Mainuddin,Zhenhai Duan,Yingfei Dong

DOI: https://doi.org/10.1109/ICCCN52240.2021.9522168

2021-09-04

Abstract:Understanding network traffic characteristics of IoT devices plays a critical role in improving both the performance and security of IoT devices, including IoT device identification, classification, and anomaly detection. Although a number of existing research efforts have developed machine-learning based algorithms to help address the challenges in improving the security of IoT devices, none of them have provided detailed studies on the network traffic characteristics of IoT devices. In this paper we collect and analyze the network traffic generated in a typical smart homes environment consisting of a set of common IoT (and non-IoT) devices. We analyze the network traffic characteristics of IoT devices from three complementary aspects: remote network servers and port numbers that IoT devices connect to, flow-level traffic characteristics such as flow duration, and packet-level traffic characteristics such as packet inter-arrival time. Our study provides critical insights into the operational and behavioral characteristics of IoT devices, which can help develop more effective security and performance algorithms for IoT devices.

Networking and Internet Architecture

Kuai Xu,Feng Wang,Xiaohua Jia

DOI: https://doi.org/10.1002/sec.1569

2015-01-01

Abstract:These growing threats and broad damages have made it imperative to understand, characterize, filter, and reduce exploit traffic towards millions of home routers and billions of connected devices in the home. This paper presents a bloom-filter based analytic framework to capture persistent threats towards the same home routers and to identify correlated attacks towards distributed home networks. Our experimental results based on network traffic collected from real homes over 18 months have revealed a number of interesting findings on persistent and correlated threats towards home networks, which calls for improved security and management of home networks. To the best of our knowledge, this paper is the first effort to characterize cyber threats towards home networks and to propose a simple and yet effective approach to identify persistent and aggressive attacks towards home networks.

Jie Yang,Lun Yuan,Chao Dong,Gang Cheng,Nirwan Ansari,Nei Kato

DOI: https://doi.org/10.1109/jsac.2013.sup.0513016

IF: 16.4

2013-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Extensive studies have shown that the peer-to-peer (P2P) traffic has already become the dominant traffic in the current Internet. The current P2P streaming user base is still undergoing stunning growth in China although its user scale already reached 158 million in 2010, 68% of Chinese web users. Hence, a comprehensive understanding of the P2P streaming network traffic characterization is essential to Internet Service Providers (ISPs) in terms of network planning and resource allocation. In this paper, based on the massive data collected with a passive network monitoring equipment placed in the Internet backbone, we provide an in-depth view of the current P2P streaming traffic in the current Internet of China. In particular, we statistically study the P2P streaming traffic in both wired (ADSL in this paper) and wireless (CDMA) networks, and characterize the traffic from both flow-level and packet-level aspects. Our study uncovers the significant impact of the P2P streaming traffic on the underlying network due to its unique characteristics and the bandwidth intensive nature of the corresponding applications. In addition, the result reveals the significant difference between the characterizations of the P2P streaming traffic in wired and wireless networks due to their respective intrinsic environmental characteristics.

Yunfei Zhang,Lianhong Lei,Changjia Chen

DOI: https://doi.org/10.1007/978-3-540-24679-4_74

2004-01-01

Abstract:In this paper we, to the best of our knowledge, for the first time, launch a peer-to-peer network traffic measurement across the Internet backbone in China. Different from the existing studies, our data are derived from core routers on the Internet. Our study focuses on the three periodic peak value groups in the aggregation flow traffic, the heavy-tailed property in the distribution of traffic by different hosts and the long range dependence (LRD) in p2p traffic. Moreover we propose a novel data mining approach, ADTE to differentiate signaling and data traffic. Our study also shows that Napster dominates p2p traffic. In addition, we observe that the aggregation of p2p traffic is less than 1% of the total Internet traffic, much different from the observations in other studies. We analyze the possible reasons and wish that our conclusion could be a good guideline for the software developers.

Jie YANG,Yin-zhou LI,Chao DONG,Zheng MA,Gang CHENG

DOI: https://doi.org/10.1016/s1005-8885(11)60437-8

2012-01-01

Abstract:Over the past few years we have witnessed evolutionary changes to our communication network as the result of new application, computation and communications paradigms. As such, our understanding to the network becomes diminish and it becomes a key challenge to get a thorough understanding for the network applications and their traffic characteristics. While network traffic characterization and typical application analyses, e.g., peer-to-peer (P2P), have been studied extensively due to its importance in network scheduling and throughput, the relation between typical applications and overall traffic still remains elusive. In this paper, we profile network traffic based on the massive data collected in year 2012 with a passive network traffic monitoring system (TMS) placed on a large Internet service provider (ISP) in China. We also provide an insight to the overall traffic distribution and impact of the major traffic contributors on the overall traffic. Our study reveals that the top five applications, i.e., hyper text transport protocol (HTTP), PPStream, HTTPFlash, QQLive and Thunder, contribute more than 60% of the total traffic, and different application has different correlation with the total traffic. In addition, we give a corresponding coefficient function of these five applications to predict the overall network traffic on weekdays and weekends.

Yang Jie,Yuan Lun,Lin Ping,Cong Rong,Cheng Gang,Nirwan Ansari

2012-01-01

China Communications

Abstract:Based on the massive data collected with a passive network monitoring equipment placed in China's backbone, we present a deep insight into the network backbone traffic and evaluate various ways for improving traffic classifying efficiency in this paper. In particular, the study has scrutinized the network traffic in terms of protocol types and signatures, flow length, and port distribution, from which meaningful and interesting insights on the current Internet of China from the perspective of both the packet and flow levels are derived. We show that the classification efficiency can be greatly improved by using the information of preferred ports of the network applications. Quantitatively, we find two traffic duration thresholds, with which 40% of TCP flows and 70% of UDP flows can be excluded from classification processing while the impact on classification accuracy is trivial, i.e., the classification accuracy can still reach a high level by saving 85% of the resources.

Pengcheng Jiang,Fang Liu,Chenyu Li,Huan Wang

DOI: https://doi.org/10.1109/ihmsc.2014.27

2014-01-01

Abstract:With the rapid increasing impact of the mobile Internet on people's daily life, accessing the Internet via mobile devices is showing an obvious trend, which brings a large amount of network traffic at the same time. This paper analyzes HTTP traffic characteristics based on real world data collected from a commercial Internet Service Provider (ISP) in charge of some regions of China. We investigate the variation characteristics of HTTP traffic over time. Five common types of HTTP messages are also presented with their percentages in real network environment. In Particular, after the analysis of the distributions of HTML reply lengths and HTTP header numbers, we see the relationship between them can be described as linearity, which can be much instructive to some engineering works. Furthermore, we find the tag is not contained in a majority of HTML messages by extracting their HTML heads in accordance with certain rules. In this paper, we design a data acquisition system applied in the mobile Internet which can evaluate the load of network traffic by capturing and processing packets real-timely and efficiently.

Qiuping Zhu,Dong Li,Yi Xin,Xiangzhan Yu,Guocai Mu

DOI: https://doi.org/10.1007/978-3-030-24268-8_9

2019-01-01

Abstract:With the rapid development of the Internet, the scale of Internet users has been expanding. At the same time, various mobile phone applications have emerged in an endless stream. While providing users with a variety of services, it also leads to the difficulty of user identification. All those things bring new challenges to traffic identification. Based on the importance of Internet traffic identification for Internet management and security, this paper describes the classification methods and problems faced by Internet traffic identification. Moreover, current work about user-related and application-related traffic identification methods is summarized and analyzed. At the end of this article, we will discuss the future research prospects of traffic identification and summarize the content of the article.

Xiaodong Zang,Jian Gong,Maoli Wang,Peng Gao,Guowei Zhang

DOI: https://doi.org/10.1016/j.jnca.2023.103603

IF: 7.574

2023-04-01

Journal of Network and Computer Applications

Abstract:Discovering and describing IP traffic behavior is becoming more and more significant for efficient network management and security monitoring. Recently, many modeling techniques have been proposed, most of which focused on properties of a single dimension, such as volume-based or spatial-based. Characterizing IP traffic behavior with individual dimension features is often insufficient as they are spatiotemporally correlated. In this paper, we demonstrate that IP traffic behavior can be profiled from the perspective of end users’ access relationship. We find that groups of IPs have similar behavior traits, and with insights from the identified behavior profiles, we can discover malicious traffic behavior in the overwhelming measurement data. To this end, firstly, we extract a collection of features to profile traffic behavior from the dimension of temporal, spatial, category, and intensity. Then, we characterize and model the rhythmic behavior, the cyclical behavior, the access stable behavior, the service diversity behavior, and the hotspot behavior. Finally, we use the open-source dataset, synthetic data, and the real Internet Netflow data collected from the China Education Research Network backbone (CERNET) to empirically validate our proposal. Extensive results demonstrate that the applications of derived traffic patterns can achieve fine-grained traffic monitoring.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Bin Zhang,YANG Jia-Hai,WU Jian-Ping

DOI: https://doi.org/10.3724/SP.J.1001.2011.03950

2011-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:The Internet traffic model is the key issue for network performance management, Quality of Service management, and admission control. The paper first summarizes the primary characteristics of Internet traffic, as well as the metrics of Internet traffic. It also illustrates the significance and classification of traffic modeling. Next, the paper chronologically categorizes the research activities of traffic modeling into three phases: 1) traditional Poisson modeling; 2) self-similar modeling; and 3) new research debates and new progress. Thorough reviews of the major research achievements of each phase are conducted. Finally, the paper identifies some open research issue and points out possible future research directions in traffic modeling area. © Copyright 2011, Institute of Software, the Chinese Academy of Sciences. All rights reserved.

Kuai Xu,Feng Wang,Bin Wang

DOI: https://doi.org/10.1109/ccnc.2010.5421571

2010-01-01

Abstract:In this short paper, we present a preliminary design of a behavior profiling system in wireless home network (WHN) for network security monitoring. Figure 1 illustrates a schematic architecture of the behavior profiling system that is deployed in a typical wireless home network. The goals of the proposed behavior profiling system are to i) actively learn the traffic patterns of wireless home networks, ii) detect anomalous behavior from inside networks as well as from the Internet. Based on network traffic patterns for each computer, the system builds baseline behavior profiles, and subsequently detects events of interest through behavior deviations. The contributions of this work are two-fold. First, we propose to build the behavior profiles for each computer in WHNs towards a deep understanding of the traffic patterns in wireless residential networks. Secondly, we present a systematic architecture that aims to detect anomalous behavior through real-time traffic profiling.

Yousef Amar,Hamed Haddadi,Richard Mortier,Anthony Brown,James Colley,Andy Crabtree

DOI: https://doi.org/10.48550/arXiv.1803.05368

2018-03-14

Abstract:Internet-connected devices are increasingly present in our homes, and privacy breaches, data thefts, and security threats are becoming commonplace. In order to avoid these, we must first understand the behaviour of these devices. In this work, we analyse network traces from a testbed of common IoT devices, and describe general methods for fingerprinting their behavior. We then use the information and insights derived from this data to assess where privacy and security risks manifest themselves, as well as how device behavior affects bandwidth. We demonstrate simple measures that circumvent attempts at securing devices and protecting privacy.

Networking and Internet Architecture

Dong Peng,Yuanyuan Qiao,Jie Yang

DOI: https://doi.org/10.1109/ccis.2014.7175720

2014-01-01

Abstract:Nowadays, along with the development of mobile network, the network traffic is growing rapidly, including traffic between backbone networks. ISPs are seriously puzzled by the explosive growth of traffic between backbone networks. Therefore, the research and analysis of traffic characteristics between backbone networks becomes essential. In this paper, based on the Hadoop platform, we analyze the monthly traffic features of two provinces by using the real data collected by our self-developed traffic monitoring system. Besides, we use SARIMA model to select a daily trace that can represent the monthly trace best. Then, through analyzing the distribution of packet counts, flow duration, and user online time and so on, we examine the basic traffic characteristics and user behavior characteristics from the perspective of flows.

Yufeng Chen,Yabo Dong,Dongming Lu,Zhengtao Xiang

DOI: https://doi.org/10.1007/978-3-540-25952-7_47

2004-01-01

Abstract:Worm is becoming a more and more serious issue because worm attacks can cause huge loss in short time due to the fast-spreading character. When breaking out, worms induce abnormal traffic unlike the normal traffic, which gives us a clue of worm detecting by analyzing the abnormal characteristics of traffic involving worms, i.e. lumped traffic. Worm detection based on analyzing abnormal traffic characteristics has the advantage that it can detect novel worms without understanding the nature of the worms. And worm detection at network level is one possible detecting path, especially for Network Intrusion Detection Systems(NIDS). In this poster, we present the diversity of traffic characteristics between the normal traffic and worm traffic from the self-similarity point of view, which can be a preparation for the further investigation of the diversity of traffic characteristics between the normal traffic and lumped traffic.