Sciweavers

TMA
2010
Springer

On the Use of TCP Passive Measurements for Anomaly Detection: A Case Study from an Operational 3G Network

14 years 7 months ago
On the Use of TCP Passive Measurements for Anomaly Detection: A Case Study from an Operational 3G Network
In this work we discuss the use of passive measurements of TCP performance indicators in support of network operation and troubleshooting, presenting a case-study from a real 3G cellular network. From the analysis of TCP handshaking packets measured in the core network we infer Round-Trip-Times (RTT) on both the client and server sides separately for UMTS/HSPA and GPRS/EDGE sections. We also keep track of the relative share of packet pairs which did not lead to a valid RTT sample, e.g. due to loss and/or retransmission events, and use this metric as an additional performance signal. In a previous work we identified the risk of measurement bias due to early retransmission of TCP SYNACK packets by some popular servers. In order to mitigate this problem we introduce here a novel algorithm for dynamic classification and filtering of early retransmitters. We present a few illustrative cases of abrupt-change observed in the real network, based on which we derive some lessons learned about...
Peter Romirer-Maierhofer, Angelo Coluccia, Tobias
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2010
Where TMA
Authors Peter Romirer-Maierhofer, Angelo Coluccia, Tobias Witek
Comments (0)