A New Approach to Online, Multivariate Network Traffic Analysis

Network traffic analysis has long been a core element for effective network operations and management. While online monitoring has been studied for a while, it is still intensively challenging due to several reasons. One of the primary challenges is the heavy volume of traffic to analyze within a finite amount of time. Another important challenge to enable online monitoring is to support multivariate analysis of traffic variables to help administrators identify unexpected network events intuitively. To this end, we propose a new approach that offers a high-level summary of the network traffic with the multivariate analysis. With this approach, the current state of the network will display an abstract pattern compiled from a set of traffic variables, and the detection problems in traffic analysis (e.g., change detection and anomaly detection) can be reduced to a straightforward pattern identification problem. In this paper, we introduce our preliminary work with clustered patterns for online, multivariate traffic analysis with the challenges and limitations. We then present a grid-based model that is designed to overcome the limitations of the clustered pattern-based technique. We will discuss the potential of the new model with respect to streaming-based computation and robustness to outliers.