Research On Backbone Network Traffic Behavior Awareness

With the development of backbone networks featured by high-speed, diversification and intricacy, the management problems and security issues related to network flows trend to be more complicated. Network traffic behavior awareness, which analyses how network behaviors change over time or space with network traffic feature parameters, has become one of the front scientific issues in both academic and industry societies. However, backbone network traffic behavior awareness is complicated, as there are a variety of factors that are responsible for this complexity, such as high-speed data transmission characteristics, mass transfer information characteristics, data flow and application flow diversification characteristics as well as the complexity of their relationships, the complexity of the relationship between various links, etc. This dissertation is mainly based on the National Natural Science Foundation“The Key Technology to Large-scale Communication Network Behavior Analysis and Feature Extraction" (under grant No. 60872033). The author's work is focused on theoretic and technical studies on the backbone network traffic abnormal behavior awareness considering both single PoP and multiple PoPs conditions, which includes three aspects: backbone network traffic behavior feature extraction, backbone network traffic abnormal behavior analysis and backbone network traffic abnormal behavior trends prediction. The main contributions to this dissertation are summarized as follows.Firstly, backbone network traffic behavior feature extraction problem is studied. Less and relatively coarse-grained traffic feature information should be selected, this is attributed to the fact that fine packet-by-packet analysis can hardly meet the demand of online traffic behavior analysis, due to the high-speed-featured data transmission and massively transmitted information in backbones. To solve the problem of holographic description for backbone network traffic behavior with minimum feature subset, the author adopts traffic flow six-tuple information (i.e., IP address and ports of source and destination, type of protocol, byte numbers) as the basic information of backbone network traffic behavior awareness, which agrees with the philosophic idea that portion reflects the whole and is premise and foundation of backbone network traffic behavior awareness. Here, considering the high-dimensional characteristics of feature information, the author proposes a traffic feature analysis method based on subspace separation of entropy. This method can compress the massive high-dimensional raw network flow data information, and simplify the representation of this information with its geometry topology being preserved.Secondly, backbone network traffic abnormal behavior analysis methods for single PoP are studied. To deal with the traffic signal featured by non-stationary, complex contents and wide spectral range, the author introduces a method that reveals the abnormal signal component in both time and frequency domain using the joint time frequency function of traffic signal. As for more intricate conditions such as non-linear and non-stationary traffic signals, the author proposes a traffic signal decompose method where basis function is adaptively obtained from origin signal. To cope with intricate relations of backbone network behavior parameters, the author proposes a multivariate time series analysis method. To comprehend abnormal behavior, a multiple time series association mining algorithm is applied to understand network traffic behavior with relationships between time series (i.e., wave pattern, structure pattern). The basic idea of this algorithm is to analyze the association rules of symbolized wave pattern, in terms of potential and underlying patterns between abnormal parts of network traffic behavior features wave pattern caused by the same network anomalies. To improve the performance of the existing network traffic behavior mining algorithm, the author proposes a fast association rule mining algorithm which significantly improves the performance of high-dimensional and massive network flow data mining by reducing the time of scanning datasets.Thirdly, backbone network traffic abnormal behavior analysis methods for multiple PoPs are studied. The author proposes a two-stage spatiotemporal approach for traffic flow mining across multiple networks, considering the mutual dependence and mutual influence of abnormal behavior across multiple PoPs within spatio-temporal. Then based on that, a multivariate time series association mining rule is applied to extract the spatiotemporal association rules of collective anomalies across multiple PoPs which facilitates perceiving backbone network traffic behavior, which improve the awareness ability of backbone network.Finally, backbone network traffic abnormal behavior trends prediction methods are studied. The author proposes a particle-swarm-optimization-based backpropagation neural network method, in consideration of the non-linear characteristics of short-term traffic behavior trends. This method obtains the learn weight value by evolution of particle swarm, and then accomplishes the prediction with neural network. To handle the network flow data with include missing value and noise, a combined grey model is proposed. This model divides raw network flow data into different subspaces, where the data is processed with prescribed approaches. Then, a small quantity of data is selected to predict the backbone network traffic behavior trends.