Home » Articles » Research: Using stochastic geometry to analyze network traffic and exclude heterogeneous (malicious) darknet traffic
Click Here To Hide Tor

Research: Using stochastic geometry to analyze network traffic and exclude heterogeneous (malicious) darknet traffic

Throughout the past few years, the explosive advancement of receivers and the rapid surge of data traffic have greatly impacted the current network architecture. According to data presented by the Cisco Complete VNI in 2017, the monthly internet traffic per receiver will rise to around 43 GB by the year 2021. As such, in order to attain optimum network management and monitoring, network traffic prediction and statistics have inarguably become an essential part of the technical methods of network security management. Via modeling of historical network traffic, a uniformly relevant traffic model is developed in order to predict future network traffic interval.

Presently, researchers rely on thorough network traffic analysis; summarizing of periodic, fractal, and chaotic features; implementation of time series, fractal, and multi-fractal analysis; neural networks; wavelet analysis; and chaos theory, in order to be able to describe and analyze network traffic. For example, Sabyasachi Basu and colleagues introduced a time series model especially designed to predict network traffic on the basis of the ARMA (Auto Regression Moving Average) model. Also, Riedi and colleagues proposed a multi-fractal wavelet model suitable for predicting network traffic. On the other hand, Jian and colleagues utilized adaptive particle swarm optimization in combination with the Elman neural network in order to improve the accuracy of predicting network traffic.

Even though the aforementioned research studies have been able to achieve network modeling, they failed to effectively identify traffic characteristics and to describe the state of behavior of the network. For instance, the ARMA based statistical network forecasting model greatly relies on complex mathematical theories and can outline long and short correlation; however, its accuracy declines as the step size rises throughout the prediction process. A non-stationary model, such as the neural network, can make up for the inability of a stationary model to define the defects of non-stationary flow.

A recently published paper introduces a practical network model and proposes a mathematical formula to calculate network traffic associated with a tagged receiver. Oppositely, if the results obtained by this proposed model do not match the traditional formula, authors of the paper postulate that the network flow rate may represent heterogeneous traffic, e.g. malicious darknet traffic (Tor). In this model, the researchers create a conventional cellular network, considering that there are two types of receivers, device-to-device (D2D) receivers and cellular receivers. D2D communication represents a key technique within a 5G network setting introduced to address the problem of limited network resources. Via means of stochastic geometry, the proposed network model can analyze network traffic.

Let’s take a look at this network model based on stochastic geometry.

Network model:

The proposed network model utilizes a single layer BSs and relies on downlink transmission. The model, shown in figure (1), is comprised of cellular receivers, multiple BSs, D2D trunkings, and multiple D2D receivers which are randomly located in a downlink cellular network.


Figure (1): A cellular network composed of D2D receivers and cellular receivers

D2D trunkings and cellular receivers can receive messages from the closest BS. A D2D receiver and a D2D delay, which is located a d distance away from the D2D receiver, will form a D2D pair. Messages can only be received by the D2D receiver from the pairing trunking, while the pairing trunking will route these messages from the BS. As such, the cellular receiver will only receive messages with one hop, while the D2D receiver will only receive messages with two hops. To put it more simply, the D2D link and the cellular link can be respectively exemplified by the link between the pair of D2D, and the link between the D2D trunking, or the cellular receiver, and the BS.

Results obtained from the proposed network model:

Experiments on the proposed model show that it is effective in exploring traffic behavior and excluding heterogeneous traffic flow that might be originating from a darknet such as Tor, which can represent malicious traffic within a 4G/5G network setting. The paper proposes a theoretical framework based on stochastic geometry to analyze network traffic for a hypothetical cellular D2D network. The study first obtained the theoretical traffic results, then confirmed them via extensive simulations. Moreover, results prove that the network model can yield optimal resources allocation that can result in optimal network traffic.

Leave a Reply

Your email address will not be published. Required fields are marked *


Captcha: *