Open Access
Predicción de tráfico de Internet and aplicaciones
(2001) Bernal, I.; Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Díez Marca, L. A.; Automática y Computación; Automatika eta Konputazioa
In this paper we focus on traffic prediction as a means to achieve dynamic bandwidth allocation in a generic Internet link. Our findings show that coarse prediction (bytes per interval) proves advantageous to perform dynamic link dimensioning, even if we consider a part of the top traffic producers in the traffic predictor.
Open Access
Online classification of user activities using machine learning on network traffic
(Elsevier, 2020) Labayen Guembe, Víctor; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoaren eta Telekomunikazio Ingeniaritzaren
The daily deployment of new applications, along with the exponential increase in network traffic, entails a growth in the complexity of network analysis and monitoring. Conversely, the increasing availability and decreasing cost of computational capacity have increased the popularity and usability of machine learning algorithms. In this paper, a system for classifying user activities from network traffic using both supervised and unsupervised learning is proposed. The system uses the behaviour exhibited over the network and classifies the underlying user activity, taking into consideration all of the traffic generated by the user within a given time window. Those windows are characterised with features extracted from the network and transport layer headers in the traffic flows. A three-layer model is proposed to perform the classification task. The first two layers of the model are implemented using K-Means, while the last one uses a Random Forest to obtain the activity labels. An average accuracy of 97.37% is obtained, with values of precision and recall that allow online classification of network traffic for Quality of Service (QoS) and user profiling, outperforming previous proposals.
Open Access
Traffic generator using Perlin Noise
(IEEE, 2012) Prieto Suárez, Iria; Izal Azcárate, Mikel; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa; Universidad Pública de Navarra / Nafarroako Unibertsitate Publikoa
Study of high speed networks such as optical next generation burst or packet switched networks require large amounts of synthetic traffic to feed simulators. Methods to generate self-similar long range dependent traffic already exist but they usually work by generating large blocks of traffic of fixed time duration. This limits simulated time or require very high amount of data to be stored before simulation. On this work it is shown how self-similar traffic can be generated using Perlin Noise, an algorithm commonly used to generate 2D/3D noise for natural looking graphics. 1-dimension Perlin Noise can be interpreted as network traffic and used to generate long range dependent traffic for network simulation. The algorithm is compared to more classical approach Random Midpoint Displacement showing at traffic generated is similar but can be generated continuously with no fixed block size.
Open Access
Analysis of Internet services in IP over ATM networks
(IEEE, 1999) Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
This paper presents a trace-driven analysis of IP over ATM services from a user-perceived quality of service standpoint. QoS parameters such as the sustained throughput for transactional services and other ATM layer parameters such as the burstiness (MBS) per connection are derived. On the other hand, a macroscopic analysis that comprises percentage of flows and bytes per service, TCP transaction duration and mean bytes transferred in both ways is also presented. The traffic trace is obtained with a novel measurement equipment that combines a header extraction hardware and a high end UNIX workstation capable of providing a timestamp accuracy in the order of microseconds. The ATM link under analysis concentrates traffic from a large population of 1,500 hosts from Public University of Navarra campus network, that produce 1,700,000 TCP connections approximately in the measurement period of one week. The results obtained from such a wealth of data suggest that QoS is primarily determined by transport protocols and not by ATM bandwidth. The sustained throughput of TCP connections never grows beyond 80 Kbps with 70% probability in the data transfer phase (i. e., in the ESTABLISHED state) and we observe a strong influence of the connection establishment phase in the user-perceived throughput. On the other hand, the burstiness of individual TCP connections is rather small, namely TCP connections do not produce bursts according to the geometric law given by slow start and commonly assumed in previously published studies.
Open Access
Analysis and stochastic characterization of TCP flows
(Springer, 2000) Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Automática y Computación; Automatika eta Konputazioa
Since the most Internet services use TCP as a transport protocol there is a growing interest in the characterization of TCP flows. However, the flow characteristics depend on a large number of factors, due to the complexity of the TCP. As a result, the TCS characteristics are normally studies by means of simulations or controlled network setups. In this paper we propose a TCP characterization based on a generic model based of stochastic flow with burstiness and throughput (((σ, ρ)-constraints), which is useful in order to characterize flows in ATM and other flow-switched networks. The model is obtained through extensive analysis of a real traffic trace, comprising an approximate number of 1,500 hosts and 1,700,000 TCP connections. The results suggests that TCP connections in the wide area Internet have low throughput while the packet bursts do not suffer an exponential increase, as indicated by the slow-start behavior. On the other hand, the impact of the connection establishment phase is striking. We note that the throughput of the TCP flow is approximately half the throughput which is obtained in the data transfer phase, namely after the connection has been established.
Open Access
IP traffic prediction and equivalent bandwidth for DAMA TDMA protocols
(IEEE, 2003) Aracil Rico, Javier; Izal Azcárate, Mikel; Morató Osés, Daniel; Magaña Lizarrondo, Eduardo; Automática y Computación; Automatika eta Konputazioa
The use of IP traffic prediction techniques for DAMA TDMA protocols is investigated in this paper. The predicted traffic distribution is derived when the input traffic shows long-range dependence features. Furthermore, an equivalent bandwidth is calculated, which allows the wireless terminal to request a certain amount of bandwidth (slot duration) in terms of a target traffic loss probability. The numerical results indicate very good traffic prediction capabilities, together with moderate bandwidth loss.
Open Access
Use of CBR for IP over ATM
(SPIE, 1997) Aracil Rico, Javier; Morató Osés, Daniel; Izal Azcárate, Mikel; Donézar, C.; Automática y Computación; Automatika eta Konputazioa
Internet traffic burstiness allows for statistical multiplexing gain in the available bandwidth of an ATM link. However, a dynamic allocation bandwidth assignment (ABR) has to be performed. In this paper we evaluate the real advantages of ABR versus CBR for Internet service provisioning. We consider performance parameters such as connection setup delay and active waiting time due to flow control and show that CBR schemes can be a good alternative for Internet service provisioning over ATM networks.
Open Access
Midiendo retardos y pérdidas en las redes móviles de alta velocidad
(2015) Prieto Suárez, Iria; Izal Azcárate, Mikel; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
Mobile networks are constantly evolving, but still, due to their nature, it is not trivial to analayse how they face up different kinds of traffic. On the Internet a wide range of services can be found. Usually the majority send large packets, i.e Web services, but others, like VoIP, send small packets. The question is how the mobile networks manage all this traffic. In this work experiments to measure losses and times of sending different packet size bursts are described. Also, preliminary results for experiments with a real network mobile client, are analaysed showing that the performance of the network is different depending on the size of packet.
Open Access
Interactivity anomaly detection in remote work scenarios using LTSM
(IEEE, 2024) Arellano Usón, Jesús; Magaña Lizarrondo, Eduardo; Morató Osés, Daniel; Izal Azcárate, Mikel; Ingeniería Eléctrica, Electrónica y de Comunicación; Ingeniaritza Elektrikoa, Elektronikoa eta Telekomunikazio Ingeniaritza; Institute of Smart Cities - ISC
In recent years, there has been a notable surge in the utilization of remote desktop services, largely driven by the emergence of new remote work models introduced during the pandemic. These services cater to interactive cloud-based applications (CIAs), whose core functionality operates in the cloud, demanding strict end-user interactivity requirements. This boom has led to a significant increase in their deployment, accompanied by a corresponding increase in associated maintenance costs. Service administrators aim to guarantee a satisfactory Quality of Experience (QoE) by monitoring metrics like interactivity time, particularly in cloud environments where variables such as network performance and shared resources come into play. This paper analyses anomaly detection state of the art and proposes a novel system for detecting interactivity time anomalies in cloud-based remote desktop environments. We employ an automatic model based on LSTM neural networks that achieves an accuracy of up to 99.97%.
Open Access
A popularity-aware method for discovering server IP addresses related to websites
(IEEE, 2013) Torres García, Luis Miguel; Magaña Lizarrondo, Eduardo; Izal Azcárate, Mikel; Morató Osés, Daniel; Automática y Computación; Automatika eta Konputazioa
The complexity of web traffic has grown in the past years as websites evolve and new services are provided over the HTTP protocol. When accessing a website, multiple connections to different servers are opened and it is usually difficult to distinguish which servers are related to which sites. However, this information is useful from the perspective of security and accounting and can also help to label web traffic and use it as ground truth for traffic classification systems. In this paper we present a method to discover server IP addresses related to specific websites in a traffic trace. Our method uses NetFlow-type records which makes it scalable and impervious to encryption of packet payloads. It is, moreover, popularity-aware in the sense that it takes into consideration the differences in the number of accesses to each site in order to provide a better identification of servers. The method can be used to gather data from a group of interesting websites or, by applying it to a representative set of websites, it can label a sizeable number of connections in a packet trace.