Abstract
Being able to monitor each packet path is critical for effective measurement and management of networks. However, such detailed monitoring can be very expensive especially for large-scale networks. To address such problem, inspired by thermodynamics, which uses the statistical characteristics of a large number of molecules’ motion but not each molecule’s trajectory for analysis, we propose the new concept of network temperature together with the notions of network-specific heat and network temperature gradient. Our approach does not only provide a statistical view of the current network state consisting of all the active packet paths at each time instant, but can be used to represent transitions among network states. Our network temperature-based methods have a broad applicability, such as to DDoS detection, dynamic node importance ranking, network stability and robustness evaluation, reliable packets routing, provenance compression assessment, and so on. Numerical and/or the experimental results show that our methods are effective.
1 INTRODUCTION
Given the topology of a packet-switched network, packet paths provide a means to understand what is or is not working properly through links troubleshooting, protocol debugging, workload characterization, and performance evaluation [1, 7, 18]—all these functions are critical for secure and reliable networks. Network management applications thus often require the ability to efficiently monitoring all the packet paths. However, in large-scale networks, the quadratic growth in the number of network paths with respect to the number of network nodes makes it impractical to record detailed information about each single packet path [12]. To address such an issue, compressed packet path recording schemes, also known as provenance schemes, have been proposed [8, 14, 15]. However, lossless compression schemes can only mitigate the packet paths’ size expansion but cannot always limit the size to an analyzable range especially when such analyses have to be carried out within certain time constraints [16].
Although the requirement of monitoring each packet path is not new, it is worth pointing out that most packet paths are not being scrutinized or even checked, unless security or performance anomalies are detected. As a result, coarse-grained packet paths schemes are commonly deployed. In the extreme case, when the network operation is defined as a sequence of network state transits, all packet paths active at a given time, which defines one of those network states are mapped onto a single value. Network entropy, which has various definitions such as Shannon entropy, Rényi entropy, Tsallis entropy, and Von Neumann entropy [6], is one such approach. Because those entropy-based approaches preserve the basic packet paths characteristics, many network anomalies can be efficiently detected through network entropy changes [3, 17, 20]. However, network entropy is a numerical value only, which provides little information to understand the patterns of those network state transits.
Inspired by thermodynamics that analyzes large numbers of molecules moving in a system through their statistical characteristics but not each molecule’s trajectory, we propose the novel concept of network temperature for network measurement and management, in which packet paths are comparable to molecule trajectories. Compared to network entropy, network temperature not only provides a statistical view of a network state as composed of all the active packet paths at a given time, but it also can be used to model the patterns of those network states changes.
Clearly, network temperature is not the thermodynamic temperature of a network. We choose such a name because, mathematically, network temperature and thermodynamic temperature share the same mathematical formulations, though the parameters’ physical meanings in these formulas are different. Furthermore, referring to thermodynamic temperature’s characteristics, we also introduce the notions of network-specific heat and network temperature gradient. Network temperature, network-specific heat, and network temperature gradient together are a thermodynamics alike system for measuring the current state of a network as well for modeling the network state transition patterns.
Regarding networks measurement and management, by far, we observed that network temperature is suitable for measuring packets transmission pattern in a network. Higher network temperature generally means that most of nodes are busy generating/transmitting/forwarding/receiving packets; and/or Shannon’s entropy of the packets transmission keeps increasing. As a result, lower network temperature is always preferred concerning the reliability of packets transmission. Furthermore, like in thermodynamics, network-specific heat represents the robustness of a network with respect to network temperature, i.e., lower network-specific heat indicates a small change in packets transmission pattern that will lead to an obvious network temperature change. Therefore, higher network-specific heat is always preferred concerning the robustness of packets transmission. Network temperature gradient describes in which direction and at which rate the network temperature changes the most rapidly at a particular location, which provides an effective way to decrease/increase the network temperature in a network. As the meaning of decreasing network temperature is clear, we argue that increasing network temperature may lead to a new approach of DoS (denial-of-service) attacks.
The contributions of the article are as follows:
We propose the concept of network temperature together with the notions of network-specific heat and network temperature gradient.
We propose and formally prove the properties of network temperature, network-specific heat, and network temperature gradient. We provide numerical results that confirm these properties.
We discuss several applications of network temperature, network-specific heat, and network temperature gradient to network measurement and management. Many such applications are critical for network security and reliability. We have conducted experiments, on publicly available datasets, to validate such applications and show that our approach is effective for these applications.
The rest of the article is organized as follows: Section 2 provides preliminaries. Section 3 formally defines network temperature, network-specific heat, and network temperature gradient and discuss their properties. Section 4 introduce possible applications of our network temperature-based methods. Section 5 reports experimental results. Section 6 concludes the article and outlines future work.
2 PRELIMINARIES
As preliminary for our work, we give a brief overview of thermodynamic temperature. Furthermore, the relationships between thermodynamic entropy and information entropy are discussed.
2.1 Thermodynamic Temperature
Thermodynamic temperature is an objective comparative measurement of heat, which measures the kinetic energy of atoms and molecules. The higher the temperature, the faster the molecules of matter move. Although thermodynamic temperature is commonly measured by units such as Celsius (denoted \(^{\circ }\)C), Fahrenheit (denoted \(^{\circ }\)F), and Kelvin (denoted K), its definition is independent of those measurement units. The formal definition of thermodynamic temperature, Equation (1), is the derivative of the system’s heat quantity with respect to the system’s thermodynamic entropy. (1) \[\begin{equation} T=\frac{dQ}{dS}, \end{equation}\] where \(dQ\) is the incremental reversible transfer of heat energy into the system and \(dS\) is the corresponding thermodynamic entropy changes.
The definition of thermodynamic entropy \(S\) is given by Equation (2), which was established by Ludwig Boltzmann and J. Willard Gibbs in the 1870s, where \(p_i\) is the probability of the microstate \(i\) taken from an equilibrium ensemble, and \(k\) is Boltzmann’s constant. (2) \[\begin{equation} S =-{k}\sum \limits _i {{p_i}\ln {p_i}} \end{equation}\]
There are many different ways to define a microstate in thermodynamics entropy. One of them, easy to understand, is in classical mechanics, where each microstate is defined as a theoretical absolutely instantaneous photo of the location and momentum of each molecule. The physical meaning of thermodynamic entropy is the system’s chaotic measurement, i.e., the higher the \(S\), the harder to predict those microstates’ transit.
2.2 Thermodynamic Entropy and Information Entropy
The definition of information entropy is given by Equation (3) established by Claude E. Shannon in 1948, where \(p_i\) is the probability of the message \(i\) taken from a message ensemble and \(b\) is the base used for the logarithm. The unit of \(H\) is bit for \(b = 2\) and nat for \(b = e\), where \(e\) is Euler’s number. (3) \[\begin{equation} H =-\sum \limits _i {{p_i}{\log _b}{p_i}} \end{equation}\]
Compared to the vague physical meaning of thermodynamic entropy, the physical meaning of information entropy is clear, viz. \(H\) is the amount of unknown information about a message consisting of a sequence of symbols. For instance, if we know that a symbol occurring with probability \(p_i\) appears in the message, then \(-\log _2{p_i}\) bits will be reduced from \(H\). As a result, if there are no uncertain symbols in the message, then \(H\) will be reduced to zero.
Although thermodynamic entropy \(S\) and information entropy \(H\) are defined independently, formally the only difference between \(S\) and \(H\) is the constant \(k\) in Equation (3) when \(b=e\).
The relationship between thermodynamic entropy and information entropy is one of the most fascinating topics in the multi-disciplinary study of physics and information theory. For instance, does an object, e.g., a person, acquiring information have a fundamental thermodynamic cost? An intuitive clue to such a question is a famous joke: Don’t think too much, your head will be very hot. As to the serious answer for the question, the first effort can be traced back to the year 1867 when Maxwell’s demon was proposed (see Figure 1), in which the demon can create a temperature difference within an insulated container divided into two parts by a piece of insulation board through the demon’s recognition of the molecules’ speeds. Such a demon violates the second law of thermodynamics, because the temperature difference created by the demon can be utilized by a heat engine to extract work without consuming any known energy at that time.
Fig. 1. Maxwell’s demon, where the arrows indicate the velocity of molecules motion. The longer the arrow, the higher the molecule’s speed is.
The paradox of Maxwell’s demon was clarified in 1961 by Landauer [9], who argued that the acquisition of information through a measurement requires the dissipation of at least \(kT\ln 2\) joule energy for each bit, where \(T\) is a temperature scaled in Kelvin and \(k \approx 1.38 \times 10^{-23}\) J/K is Boltzmann’s constant. In 2012, Brut et al. in the journal Nature reported the experimental verification of the Landauer’s principle [4]. Brillouin even concluded that any cause for a bit value change, i.e., measurement, the decision about a yes/no question, erasure, display, and so on, will require the same amount of energy [5]. As a result, there is no way for Maxwell’s demon to create a temperature difference between the two parts in Figure 1 without consuming any energy. Such a conclusion also connects the number of bits that a brain processes and the energy that the brain consumes.
All those research works confirm that any information change has a fundamental thermodynamic cost, which indicates that thermodynamics and information theory are interrelated. As a bold vision, what will we get if we substitute information entropy for thermodynamic entropy in the temperature’s definition? Can a thermodynamics alike system be built to measure and manage network states transits? The article presents our work about that exploration and its application to functions relevant for the security and reliability of networks.
3 NETWORK TEMPERATURE DEFINITION
In this section, we define network temperature, network-specific heat, and network temperature gradient in the context of a packet-switched network (network, for short). We also report numerical results for the three proposed concepts.
3.1 Network Model
We model a network as a graph of nodes, where each node has a unique address or ID.
(Network Model).
The network model is a directed graph \(G(N, E)\), where \(N =\lbrace n_i|1 \le i \le |N|\rbrace\) is the set of nodes and \(E=\lbrace e_{ij}| 1 \le i,j \le |N| \rbrace\) is the set of directed edges connecting nodes; \(|N|\) and \(|E|\) denote the cardinality of set \(N\) and set \(E\), respectively; a directed edge \(e_{ij}\), \(i, j \in \mathbb {N}^{+}\), specifies that there is a one-hop connection from node \(n_i\) to node \(n_j\).
According to Definition 1, the behavior of a network in a time interval of duration \(\Delta t\) can be represented by a matrix \(\lbrace a_{ij}\rbrace _{N \times N}\), where \(a_{ij}\) represents the number of packets transmitted from \(n_i\) to \(n_j\) within \(\Delta t\). \(\lbrace a_{ij} \rbrace _{N \times N}\) is updated periodically or on demand to reflect both the network topology and network load changes. If \(a_{ij} = \phi\), then the corresponding \(e_{ij}\) does not exist. Clearly, in such a network if every node can reach the other nodes through multi-hop packet transmissions, then \(|N|\) and \(|E|\) satisfy the relationship \(|N|-1\le |E| \le |N|\cdot (|N|-1)\).
The network operation is defined as a series of network states transits, where a network state at a given time consists of all the active packet paths at this time. Based on the network model of Definition 1, the snapshot of a network state is \(k\) packets being transmitted over \(|E|\) directed edges, where a packet being transmitted over an edge \(e_{ij}\) means that the link from \(n_i\) to \(n_j\) is occupied by the transmission of the packet.
3.2 Network Entropy
We select Shannon entropy to define network entropy because all of Rényi entropy, Tsallis entropy, and Von Neumann entropy reduce to Shannon entropy under certain conditions [11], i.e., Shannon entropy is the most fundamental among all the known definitions of entropy.
(Network Entropy).
The network entropy \(H\) for a network \(G(N, E)\) is defined as follows: (4) \[\begin{equation} H =-\sum \limits _i {{p_i}{\log }{p_i}}, \end{equation}\] where \(p_i\) denotes the occurrence probability of network state \(i\) taken from a state space \(\mathcal {S}\) and the base of \(\log {p_i}\) is 2.
Assume that there are \(k\) packets distributed over \(|E|\) edges at the moment, where each edge is a section of an active packet path. The cardinality of the state space \(\mathcal {S}\) is then formulated as follows: (5) \[\begin{equation} |\mathcal {S}|=\left(\begin{gathered}|E| \hfill \\ k \hfill \\ \end{gathered} \right) \cdot k!. \end{equation}\]
If all the network states are equiprobable, then the network entropy defined by Equation (4) will reduce to Hartley’s entropy [13]: (6) \[\begin{equation} H ={\log } {|\mathcal {S}|,} \end{equation}\] which is the largest value that the network entropy in Definition 2 can take.
3.3 Network Temperature
Network temperature is likewise defined by the mathematical expression of thermodynamic temperature (see Equation (1)), in which we substitute the network entropy for thermodynamic entropy and take the view that the number of packets distributed over directed edges, viz. the number of packets being transmitted, represents the counterpart for heat energy.
It is easy to understand that the network entropy is comparable to thermodynamic entropy in the definition. As to why take the view that the number of packets distributed over directed edges represents the counterpart for heat energy, the reason is that the functional relationship model for the number of packets distributed over directed edges and the network entropy in Definition 2 is exactly the same as that of the heat energy and thermodynamic entropy.
(Network Temperature).
The network temperature \(T\) for a network \(G(N, E)\) is defined as follows: (7) \[\begin{equation} T=\frac{\Delta P}{\Delta H}, \end{equation}\] where \(\Delta P\) is the incremental quantity of packets in transmission and \(\Delta H\) is the corresponding network entropy change.
Note that it is meaningless to discuss network temperature with respect to a single packet transmission, because network temperature reflects the statistical characteristics of the paths of all the packets in transmission as an ensemble at a given time.
In Definition 3, when all packets are being cached in buffers or there is no packet in transmission, i.e., \(\Delta P=0\) and \(\Delta H=0\), the network temperature \(T\) is then defined as zero. The reason of such definition is based on thermodynamics, where temperature reflects the average kinetic energy of the molecules in a system. When the molecules lose all the motion freedom, the system’s thermodynamic temperature is equal to zero.
Assuming \(k\) packets in transmission at a given time, the network temperature \(T\) of a network \(G(N, E)\) can be approximately calculated by the following equation: (8) \[\begin{equation} \frac{1}{T} =\frac{\Delta H}{\Delta P} \approx \frac{\partial H}{\partial k}. \end{equation}\]
To obtain the analytic expression for \(H\), we apply Stirling’s approximation, viz. \(x! \approx x^x \cdot e^{-x} \cdot \sqrt {2 \pi x}\), to Equation (6). \(H\) can then be expressed as: \[\begin{equation*} \begin{split}H&=\ln \left(\left(\begin{gathered}|E| \hfill \\ k \hfill \\ \end{gathered} \right)\cdot k! \right)\cdot \frac{1}{\ln 2}= \left(\ln \left(\begin{gathered}|E| \hfill \\ k \hfill \\ \end{gathered} \right)+\ln k! \right)\cdot \frac{1}{\ln 2}\end{split}. \end{equation*}\]
Therefore, (9) \[\begin{equation} T \approx \frac{\partial k}{\partial H}\approx \ln 2 \cdot \left(\ln (|E|-k)+\frac{1}{2k} \right)^{-1}. \end{equation}\]
Note that the domain of Equation (9) has been extended by applying Stirling’s approximation. Equation (9) only takes values when \(k, |E| \in \mathbb {N}^{+}\) for network temperature calculations.
Let \(G(N,E)\) be the network model of a given network; let \(T\) denote the network temperature. Then \(T \ge 0\) when \(|E|\gt k\). \(T\) is strictly monotonically increasing with the increase of \(k\) and is strictly monotonically decreasing with the increase of \(|E|\).
Because \(k, |E| \in \mathbb {N}^{+}\), when \(|E|\gt k\), \(|E|-k \ge 1\). Therefore, according to Equation (9), \(T\gt 0\). Furthermore, in Definition 3 \(T=0\) when \(k=0\), \(T \ge 0\) thus follows. Now, we use \(T_{d}(|E|,k)\) to represent the denominator of Equation (9). \[\begin{align*} T_{d}(|E|,k+\Delta k)-T_{d}(|E|,k) = \ln {\frac{|E|-(k+\Delta k)}{|E|-k}}+ \frac{1}{2(k+\Delta k)}-\frac{1}{2k} \end{align*}\]
Note that \(k, |E| \in \mathbb {N}^{+}\), \[\begin{equation*} \ln {\frac{|E|-(k+\Delta k)}{|E|-k}}\lt \ln 1=0,~\frac{1}{2(k+\Delta k)}-\frac{1}{2k}\lt 0. \end{equation*}\]
Therefore, when \(\Delta k\gt 0\), \(T_{d}(|E|,k+\Delta k)-T_{d}(|E|,k)\lt 0\). Furthermore, when \(\Delta |E|\gt 0\), \[\begin{align*} T_{d}(|E|+\Delta |E|,k)-T_{d}(|E|,k) = \ln {\frac{|E|+\Delta |E|-k}{|E|-k}}\gt \ln 1=0. \end{align*}\]
Thus, \(T\) is strictly monotonically increasing with the increase of \(k\) and monotonically decreasing with the increase of \(|E|\).□
For a network \(G(N,E)\), the network entropy \(H\) is strictly monotonically increasing with the increase of network temperature \(T\).
According to Equation (5), \(H\) is strictly monotonically increasing with the increase of \(k\), viz. the number of packets in transmission. Therefore, when \(H\) is increasing, \(k\) increases too. Furthermore, by Theorem 1, we know that the increase in \(k\) leads to the increase in \(T\), \(H\) is then strictly monotonically increasing with the increase in \(T\).□
By Equation (9), network temperatures are calculated on the assumption that each one-hop link is used evenly, which results in the largest entropy \(H\) for the network, and thus the derived network temperature is the network temperature’s upper bound. However, by applying such an equation to calculate the local network temperature, viz. the network temperature around a node within certain packet transmission hops, the deviation of the observed network temperature and the real network temperature will decrease with the decrease in the number of hops. As a result, the entire network temperature can be approximated by the mean of every subarea’s local network temperature. Furthermore, Equation (9) is not the only way to obtain network temperature, it also can be calculated through Definition 3, which has numerical solutions only.
3.4 Network Heat Capacity
Like heat capacity in thermodynamics, network heat capacity is defined as a measurable quantity equal to the ratio of the amount of the packets added to (or removed from) a network system to the resulting network temperature change. Because the network heat capacity always increases with the increase of the network, we then define the notion of specific heat capacity (specific heat, for short), which is the heat capacity per unit amount of the current network state. In the light of network temperature’s definition, which depends on \(k\) packets distributed over \(|E|\) edges, packet and directed edge between nodes are selected as the two different units to define the two types of network-specific heat.
(Specific Heat for Packets).
The network-specific heat with packets in a network \(G(N, E)\) is defined as follows: (10) \[\begin{equation} C_P=\frac{\Delta k}{|E| \cdot \Delta T}, \end{equation}\] where \(\Delta k\) is the incremental quantity of packets in transmission; and \(\Delta T\) is the corresponding network temperature change.
According to Equation (10), (11) \[\begin{equation} {C_P}\approx \frac{1}{|E|} \cdot \frac{\partial k}{\partial T} \approx \frac{(2k\ln {(|E|-k)}+1)^{2}(|E|-k)}{2|E|\ln 2 \cdot (2k^{2}+|E|-k)}. \end{equation}\]
According to Equation (9), we know that \(|E|\gt k\) if the network temperature is measurable. Then both the numerator and the denominator of Equation (11) are positive, \(C_{P}\gt 0\) thus follows, viz. \(C_{P}\) is a positive specific heat.□
(Specific Heat for Edges).
The network-specific heat with edges in a network system \(G(N, E)\) is defined as follows: (12) \[\begin{equation} C_{|E|}=\frac{\Delta |E|}{k \cdot \Delta T}, \end{equation}\] where \(\Delta |E|\) is the incremental quantity of directed edges; \(\Delta T\) is the corresponding network temperature change; and \(k\) is the number of the packets being transmitted.
Similarly to the derivation of Equation (11), (13) \[\begin{equation} {C_{|E|}} \approx -\frac{(k\ln {(|E|-k)}+0.5)^{2}(|E|-k)}{k^3\ln 2}. \end{equation}\]
3.5 Network Temperature Gradient
The network temperature gradient is a location-based vector and describes in which direction and at which rate the network temperature changes the most rapidly at a particular location. The unit of the network temperature gradient is degree per unit length, e.g., a hop or a subnetwork. To associate positions with the nodes, without loss of generality, a plane-rectangular coordinate system is used, and then the network temperature at location \((x,y)\) is represented by \(T(x,y)\).
(Network Temperature Gradient).
Let \((x, y)\) be the position of a given node in a network \(G(N, E)\); the network temperature gradient is defined as follows: (14) \[\begin{equation} \bigtriangledown T=\left(\frac{\Delta T}{\Delta x},\frac{\Delta T}{\Delta y}\right), \end{equation}\] where \(\Delta T\) is the network temperature change with respect to the location change \((\Delta x\), \(\Delta y)\).
Therefore, the network temperature gradient at a position \(P(x,y)\) can be approximated as: (15) \[\begin{equation} \bigtriangledown T \approx \left(\frac{\partial T}{\partial x},\frac{\partial T}{\partial y}\right). \end{equation}\]
There are two network temperature gradients, viz. the hot gradient and the cooling gradient, where packet transmissions along the hot gradient will increase the network temperature the most rapidly; and the packet transmissions along the cooling gradient achieves the right opposite effect.
3.6 Numerical Examples
To further understand the network temperature and network-specific heat defined above, we provide numerical examples for them in networks composed of 20 nodes using Maple. We intentionally choose relatively small sizes, because network temperature is an average quantity according to Definition 3. The local average network temperature for a node then is more accurate than that of the average network temperature for the entire network.
In the numerical results, we show the changes of network temperature \(T\), network-specific heat \(C_P\) and \(C_{|E|}\), with respect to the changes of \(k\), viz., the number of packets in transmission, and \(|E|\), viz., the number of one-hop data communication links, respectively.
Note that network temperature gradient is not an independent vector, determined by network temperature and a node’s location, and thus does not have meaningful mathematical properties such as monotonicity, continuity, and so on. Therefore, we do not provide numerical results for these properties for the network temperature gradient.
3.6.1 Network Temperature.
Figure 2(a) shows the network temperature surface in the numerical examples.
Fig. 2. Numerical examples for network temperature, network-specific heat, and network temperature gradient. (a) The network temperature surface; (b) the network temperature curves with respect to the increase in the numbers of packets, where \( |E|=20,25,30 \); (c) the network temperature curves with respect to the increase in the number of edges where \( k=9,13,17 \); (d) the network-specific heat \( C_{P} \) curves with respect to the number of the packets, where \( |E|=20,25,30 \); (e) the network-specific heat \( C_{|E|} \) curves with respect to the number of the edges, where \( k=9,13,17 \).
Figure 2(b) shows that: (1) \(T\) is strictly monotonically increasing with the increase in \(k\); (2) with the same \(k\), the network with larger \(|E|\) has a lower \(T\); (3) when \(k \lt 0.75|E|\) the \(T\) increases slightly with the increases in \(k\); when \(k \ge 0.75|E|\) the \(T\) increases drastically with the increases in \(k\).
Figure 2(c) shows that: (1) \(T\) is strictly monotonically decreasing with the increases in \(|E|\); (2) with the same \(|E|\), the network with larger \(k\) has a higher \(T\).
Figure 2 endorses Theorem 1, i.e., (1) with the same number of one-hop data communication links in a network, the network temperature increases with the increase in the number of packets being transmitted; (2) with the same number of packets being transmitted, the network temperature decreases with the increase in the number of one-hop data communication links in the network.
3.6.2 Network-specific Heat.
Figure 2(d) shows that: (1) \(C_P\gt 0\), which supports the conclusion of Theorem 2; (2) with the same \(k\), \(C_P\) increases when \(|E|\) increases; (3) for the same \(|E|\), \(C_P\) increases when \(k\) increases for \(k\lt 0.25|E|\) and then decreases when \(k\) increases for \(k \ge 0.75|E|\) approximately.
Figure 2(e) shows that: (1) \(C_{|E|}\lt 0\), which supports the conclusion of Theorem 3; (2) for the same \(|E|\), \(C_{|E|}\) increases when \(k\) increases; (3) for the same \(k\), \(C_{|E|}\) decreases when \(|E|\) increases.
4 APPLICATIONS
In this section, we provide insights into network temperature, network-specific heat, and network temperature gradient as well their potential applications.
4.1 DDoS Pre-warning and Detection
Network entropy has been used for Distributed Denial-of-Service (DDoS) based on the assumption that the entropy of basic communication parameters change observably during a DDoS attack [10]. However, because such an approach sends a DDoS alarm only when network entropy exceeds the given decision threshold, by this time the attack has already caused damages to network services.
Our network temperature is a more accurate and effective indicator for the DDoS detection. In our approach \(H_t=H_0+at\), where: \(H_0\) is the current network entropy; \(H_t\) is the network entropy after time \(t\); \(a\) is the acceleration of network entropy changes. Note that the inverse of network temperature is equal to \(a\), which is the impetus to network entropy changes (see Equation (9)). Therefore, the network temperature change is more sensitive than network entropy under DDoS attacks, and thus it is more accurate.
To show the effectiveness a network temperature-based DDoS detection, we have carried experiments using publicly available data. Results are presented in Section 5.
4.2 Dynamic Node Importance Ranking
When a network is under attack, if we are unable to protect every node with the same strength due to limited resources, ranking and then protecting important nodes is critical. Although many methods have been proposed to evaluate nodes’ importance, most of them are network topology based methods only, e.g., Degree Centrality (DC), Betweenness Centrality (BC), Closeness Centrality (CC), Eigenvalue Centrality (EC), and so on. As a result, the important nodes chosen by those methods may be rarely used for packet transmissions, as these nodes are not critical for the network’s communication.
Note that the higher the network temperature around a node, the more packets are processed at the node, i.e., the network temperature at a node is a measure of the node’s contribution to the network’s communication. Therefore, network temperature can be used to rank nodes’ importance under such an environment.
With respect to packet transmissions in a network, a node with a high network temperature is more important than a node with a lower network temperature.
To show the effectiveness of a network temperature-based approach for detecting importance of nodes in a network, we have carried experiments using publicly available data. Results are presented in Section 5.
4.3 Network Stability and Robustness Evaluation
In physics, when temperature changes, the characteristics of the material, such as volume, extensibility, and conductibility, change accordingly. Likewise, the stability and robustness of a network also change with the changes in the network temperature.
A high network temperature indicates that the network has a heavy load at the moment, and thereby the values of packet loss rate, packet transmission delay, and packet transmission jitters are higher compared to their values when the network temperature is lower.
With respect to packet transmissions in a network, the network stability will increase when network temperature decreases and vice versa.
According to Definition 4 and Definition 5, a large absolute value of specific heat \(C_P\) or \(C_{|E|}\) in a network indicates that network temperature is not sensitive to the fluctuations of the number of packets in transmission and the number of one-hop data communication links, respectively. Furthermore, note that the network stability decreases when the network temperature increases, as stated by the following assertion:
With respect to packet transmissions in a network, the network robustness will decrease when \(C_P\) increases or \(C_{|E|}\) decreases and vice versa.
Because of hardware differences, we cannot simply say that a network with lower network temperature and absolute larger network-specific heat is more stable and robust than another network whose network temperature is high. Nevertheless, for the same network, Assertion 2 and Assertion 3 are rational conclusions.
The biggest difference between \(C_P\) and \(C_{|E|}\) is that \(C_P\) is a positive specific heat (refer to Theorem 2); and \(C_{|E|}\) is a negative specific heat (refer to Theorem 3). The physical meaning of the positive specific heat \(C_P\) is that a network’s temperature will increase if more packets in transmission are added to the network, whereas the negative specific heat \(C_{|E|}\) denotes that a network’s temperature will decrease if the edges, viz., the one-hop data communication links between nodes, are added into the network.
Positive specific heat is common in physics. However, negative specific heat is a rare phenomenon. An example of negative specific heat is that the temperature of a gravitational system will increase when the gravitational system keeps losing its mass and finally such a gravitational system will become a black hole with a very high temperature and great mass intensity. Likewise, in a network, if the data communication links keep being removed, then the network temperature will increase accordingly and finally no packets can escape such a network, which is also a network black hole for the packets.
The phenomenon mentioned above shows that thermodynamic temperature and network temperature have some inherent relationships. Without the reduction to absurdity indirect method, it is an impossible mission to prove a quite intuitive result such as the parallel axiom in geometry. It seems that continuing to remove the one-hop data communication links between nodes will reduce the entire network’s ability for packet transmissions is also an axiom that cannot be directly proved within the knowledge system of network communications. However, such a result is soundly proved by the theory of network temperature, which turns an empirical rule to a theorem.
4.4 Reliable Packets Routing
From the previous discussion, we know that network stability with respect to packet transmissions decreases when network temperature increases. Since each node has its own network temperature calculated through the subarea where the node is located, the packets routing mechanism should avoid crossing the already very hot nodes to prevent packets loss during transmission.
The notion of network temperature gradient defined in the article represents in which direction and at which rate the network temperature changes the most rapidly. To schedule the “coldest” route for a packet, each node can simply choose the next packet transmission hop along the cooling network temperature gradient. Clearly, such a method is a greedy algorithm that seeks the coldest packet path, and therefore the generated packet path is not assured to be the globally coldest route in the network. However, if the network temperature gradient function’s curve only has one spike, then the globally coldest packet route can be found, else only a local optimal cooling packets route is obtained.
Packet transmission along the network temperature gradient toward the cooling direction at each node results in a locally optimal reliable route.
4.5 Provenance Compression Assessment
Typical provenance information about an individual data packet contains the source that originated the data and the nodes that forwarded and/or aggregated the data. For instance, if a provenance includes any tampered nodes or undependable data aggregations, then the corresponding data item will be discarded or marked with a low trust level to restrict its use [21]. However, the provenance size expands rapidly with the increase in the number of packet transmission hops. In a large-scale network, a data item’s provenance size can be several times larger than the data item itself.
To ease the cost of provenance storage as well as of transmission, many compression approaches have been proposed to limit provenance size; we refer the reader to Reference [16] for a survey. However, to date there are no definitive results on the upper bound for provenance lossless compression. In Reference [8], an approach is proposed based on arithmetic coding. Under such an approach the encoded provenance is at most one bit longer than the provenance’s entropy. Because Shannon’s entropy is the upper bound of lossless compression in information theory, we believe that the approach in Reference [8] attains the upper bound already. Nevertheless, the later approaches [14, 15] achieve even higher lossless provenance compression rate, which is a surprising result.
One possible explanation for the above result is as follows: Under a given packet path’s probabilistic model, Shannon’s entropy is the upper bound of the lossless compression. The problem is that the packet path’s probabilistic model, which is the basis for Shannon entropy’s calculation, is not a static one but varies depending on the networks. Therefore, the provenance lossless compression upper bound is not a fixed value but a variable one related to changes in the network’s topology and network load.
Provenance compression and network temperature are connected through network entropy \(H\), where \(H\) represents the unknown information about \(k\) packets distribution among \(|E|\) edges in a network (see Definition 2). On average, the number of bits that \(H\) can assign to a packet is as follows: (16) \[\begin{equation} \eta =\frac{H}{k}=\frac{H(|E|,k)}{k}. \end{equation}\]
Furthermore, the rate of the increase of \(H\) with respect to the increase in \(k\) is modeled by the following the analytic expression: \[\begin{equation*} \frac{\Delta H}{\Delta k} \approx \frac{\partial H(|E|,k)}{\partial k} , \end{equation*}\] where the right part is approximately equal to \(1/T\); \(\Delta H\) and \(\Delta k\) are incremental quantities of \(H\) and \(k\) at duration \(\Delta t\), respectively. Therefore, \[\begin{equation*} \eta \cdot k = H = \int _{\Delta t} \frac{\partial H(|E|,k)}{\partial k} dk \approx \int _{\Delta t} {\frac{1}{T}dk} \end{equation*}\] (17) \[\begin{equation} \eta \approx \frac{1}{k} \int _{\Delta t} {\frac{1}{T}dk}. \end{equation}\]
According to Equation (17), \(\eta\) represents the average provenance length in the network, because the physical meaning of \(H\) is the minimum number of bits for describing a packet path in the network. Furthermore, Equation (17) provides the mathematical function modeling the dependency of \(\eta\) on \(T\), which also implies the relationship between the provenance lossless compression and the network state defined by network temperature at a given time. In short, we have the following assertions:
For a given lossless compression provenance encoding scheme, the average provenance size in a network will increase when the network temperature increases.
An increase in network temperature would then indicate that more bandwidth and storage space are required for provenances’ transmission and storage, respectively. From this point of view, a low network temperature is to be preferred while the received data need to be assessed with respect to trustworthiness.
Because network temperature is an ensemble of network topology and network load that determines the probabilistic model for provenances’ lossless compression, we have the following assertion:
The upper bound of lossless provenance compression is the provenance’s Shannon entropy in the light of the current network temperature.
5 EXPERIMENTS
In this section, we show how to measure network temperature on different networks. Furthermore, to show that network temperature has a better performance for detecting DDoS attacks and can be used to rank nodes importance according to network load changes, experimental results on publicly available datasets are presented.
5.1 Network Temperature Measurement
Network temperature measurement is classified as both direct measurement and indirect measurement, where direct measurement is when all the required parameters are directly provided by a network for the network temperature’s calculation; indirect measurement is when some required parameters need to be indirectly measured before the network temperature can be calculated.
5.1.1 Direct Measurement.
Assume that all the parameters required to calculate network temperature can be found in a time-dependent packets transmission matrix, Equation (18), in which rows correspond to packet origins and columns to packet destinations in one hop. In addition to \(a_{ij}=\phi\) representing no one hop connection from \(n_i\) to \(n_j\), the other entries in the matrix are non-negative integers representing the number of packets being transmitted since the time \(t_0\). (18) \[\begin{equation} {\bf \emph {M}}(t) = {\lbrace {a_{ij}}\rbrace _{n \times m}} \end{equation}\]
The initial matrix is \({\bf \emph {M}}(t_{0})\), in which \(a_{ij}=0\) if \(n_i\) and \(n_j\) are connected by a directed edge \(e_{ij}\) in the network topology, otherwise \(a_{ij}=\phi\).
By using data \({\bf \emph {M}}(t)\) and \({\bf \emph {M}}(t+\Delta t)\), the network temperature can be approximately calculated through Equation (9).
On a network with a few routers, e.g., Internet, \({\bf \emph {M}}(t)\) can be derived from the network’s routing matrix. On a network with a central node, e.g., a wireless sensor network (WSN) that has a base station (BS), building \({\bf \emph {M}}(t)\) requires all the provenances, which include each packet path with a timestamp at the BS.
5.1.2 Indirect Measurement.
If the time-dependent packets transmission matrix \({\bf \emph {M}}(t)\) is not available, then the indirect measurement approach needs to be adopted.
On a network that uses SDN technology, the data plane can be programmed to collect the information such as packets routing, data links active frequencies, and network topology changes, which indirectly provide all the parameters required for the network temperature’s calculation. In our lab, we have utilized P4 and ONOS together to collect such information. We refer the interested readers to ONOS+P4 Tutorial at wiki.onosproject.org for further details.
On a distributed network without any historical packet routing information, a packet paths sniffing approach is needed. In our lab, we have devised an apparatus, called
5.1.3 Experimental Results on Temperature Measurement.
To carry experiments about the indirect measurement of the network temperature, we have used a WSN testbed from our previous work [14] is reused in here. In this testbed each Zigbee node has a TI CC2530 microcontroller, 2.4 GHz radio, 8 KB RAM, and 256 KB flash for data logging, and one of them was used as the BS and connected to a laptop computer through a USB port. We placed the testbed in an indoor environment (area of size \(15 \times 10\) m\(^2\)) and set the transmission power to the minimum level to ensure multihop communications (see Figure 3(a)). Our network temperature–independent measurement apparatus,
Fig. 3. (a) experiment testbed; (b) network temperature thermometer TM (from left to right: battery, Raspberry Pi); (3b) Zigbee sensor node, Dongle).
To perform both direct measurement and indirect measurement on the same testbed, we used a simple provenance scheme [16] to record packet trajectories and let each node keep the latest 200 provenances for the packets originated at or passed through the node.
Figure 4(a) reports the network temperature from testbed experiments through direct measurement. Compared with the numerical results in Figure 2(b), the curves in Figures 4(a) and 2(b) have almost the same trend. Figure 4(b) reports the specific heat \(C_P\) at testbed experiments through direct measurement. Compared with the numerical results in Figure 2(d), the curves in Figures 4(b) and 2(d) share almost the same trend.
Fig. 4. (a) the network temperature measured by the direct measurement; (b) the network-specific heat with packets measured by the direct measurement; (c) the local network temperature scaled by the indirect measurement.
Figure 4(c) reports the local network temperature at a node with respect to packet transmission with 1, 2, and 3 hops through indirect measurement by
Because
5.2 DDoS Detection
As shown in Equation (8), network temperature is decided by the network entropy’s changing rate. When we treat the network entropy changes as a dynamic system, the changing rate is the acceleration of network entropy. Although network entropy is a well-known index for DDoS attacks, some of them cannot be directly detected, because the network entropy changes are too small within an observation time window. Hence, we are inspired to use network temperature that is more sensitive to network entropy changes to detect those DDoS attacks.
To show that network temperature has a better performance in detecting some of DDoS attacks, we experimentally compared our proposed network temperature (NT) with approaches based, respectively, on: information entropy (IE), generalized information entropy (GE) [19], generalized information divergence (GID) [2], and cross entropy (CRE) [19]. Our experiments were carried out on a dataset of publicly available network intrusion detection data, downloaded from www.unb.ca/cic/datasets. The topology of the test network can be found at www.unb.ca/cic/datasets/ids-2018.htm ; and the detail information of those attacks can be found at iscxdownloads.cs.unb.ca/iscxdownloads/ISCX-SlowDoS-2016/attacks.txt. All the network temperatures in the experiments are scaled through the direct measurement.
Let \(P=\lbrace p_1, p_2, \ldots , p_n\rbrace\) and \(Q=\lbrace q_1, q_2, \ldots , q_n\rbrace\) denote IP address probability distributions in the test data, where \(\sum \nolimits _{i = 1}^n {{p_i} = \sum \nolimits _{i = 1}^n {{q_i}} = 1}, n\in \mathbb {N}^{+}\). IE, GE, GID, and CRE are generated as follows:
IE. It is calculated by Equation (3) in Section 2.2, where \(b=2\).
GE. It is generated by Equation (19). \[\begin{equation} {H_\alpha }(x) = \frac{1}{{1 - \alpha }}{\log _2}\sum \limits _i^n {p_i^\alpha },\alpha \ge 0 \end{equation}\]
Note that in Equation (19) \({H_1}(x)= -\sum \nolimits _i p_i {\log _2} {p_i}\), viz., GE degrades to IE when \(\alpha \rightarrow 1\).
GID. It is generated by Equation (20). \[\begin{equation} {D_\alpha }(P||Q) = \frac{1}{{1 - \alpha }}{\log _2}\sum \limits _{i = 1}^n {p_i^\alpha q_i^{1 - \alpha }} ,\alpha \ge 0 \end{equation}\]
Note that in Equation (20) \({D_1}(P||Q) = \sum \limits _{i = 1}^n {{p_i}{{\log }_2}\frac{{{p_i}}}{{{q_i}}}}\), viz., GID degrades to relative entropy when \(\alpha \rightarrow 1\). In this article, \(\alpha =15\), which is an empirical data recommended by Reference [2].
CRE. It is generated by Equation (21). \[\begin{equation} H(P,Q) = - \sum \limits _{i = 1}^n {{p_i}{{\log }_2}{q_i}} \end{equation}\]
In the test data, there are two different kinds of attacks: (1) High-volume HTTP attacks, which include DoS improved GET (goldeneye), DDoS GET (ddossim), and DoS GET (hulk); (2) Low-volume HTTP attacks, which include slow-send body (slowbody2), slow send body (rudy), slow send headers (slowloris), slow-send headers (slowheaders), and slow-read (slowread).
The key metrics for comparing these techniques is how early they can correctly identify the attack.
All test data are in the pcap format. We first convert those pcap data into the csv format by Wireshark and then use Python to analyze them. IE, GE, GID, CRE, and NT are first encoded as Python libraries. Due to page limits, we only choose the goldeneye of High-volume HTTP attacks and the slowloris of Low-volume HTTP attacks to show that network temperature has a better performance in detecting them. Goldeneye sends large numbers of HTTP Get requests to exhaust the targeted web servers. Slowloris opens multiple connections to a targeted web server and keeps them open as long as possible by continuously sending partial but never actually completes HTTP requests, which depletes the available connections on the web server.
Figure 5 shows the curves of IE, GE, GID, CRE, and NT for the glodeneye attacks. As shown in Figure 5(e), there are two clear spikes in the curve of NT; the first one indicates that the glodeneye attack happens at about 160th second after the starting point in the test data, and the second one indicates that a flash event [19] happens at about 490th after the starting point in the test data. Although in Figure 5(d) CRE also shows some clear spikes, no spike can be observed during the interval when goldeneye happens, which means that CRE has a lower accuracy in detecting the goldeneye attack.
Fig. 5. Information entropy (IE), generalized information entropy (GE), generalized information divergence (GID), cross entropy (CE), and network temperature (NT) for goldeneye attacks. (a) curve of IE; (b) curve of CE; (c) curve of GID; (d) curve of CRE; (e) curve of NT, where the first spike indicates the goldeneye attack and the second spike indicates a flash event.
Table 1 lists a series of key data segmentations shown in Figure 5, viz., the two peak values of NT and their four neighbor values, where the starting point of the time is the 10,145th second in the above test data, and all the indicators were renewed every 5 seconds; the subscript \(cr\) of an indicator denotes the indicator’s changing rate in the current time window. According to the goldeneye marks in the test data, the empirical valve for goldeneye attacks detection is NT\(_{cr} \ge 20\).
Table 1. The Values of IE, GE, GID, CRE, NT and their Changing Rates
Figure 6 shows the curves of IE, GE, GID, CRE, and NT for the slowloris attack. Since every HTTP request has a certain duration, to keep occupying the available connection on the targeted web server, the slowloris attack will periodically renew the uncomplete connections as shown in Figure 6(e), where the curve of NT accurately reflects such a period characteristic of the slowloris attacks. Although the curve of GID also shows such a period, the calculation of NT using Equation (7) has a much higher efficiency than that of GID using Equation (20).
Fig. 6. Information entropy (IE), generalized information entropy (GE), generalized information divergence (GID), cross entropy (CE), and network temperature (NT) for slowloris attacks. (a) curve of IE; (b) curve of GE; (c) curve of GID; (d) curve of CRE; (e) curve of NT, which shows the clear period of slowloris attacks.
In addition to the time starting point, all the data shown in Figure 6 were calculated as the ones in Table 1. To use the slowloris marks, the starting point is selected as the 55,205th second in the test data. Note that visualization is a better way to illustrate data’s period than data themselves; the data lists are then omitted in here.
As a general conclusion, if a network event causes very small network entropy changes rate and/or no clear period can be observed from such network entropy change rates, then such a network event cannot be detected by the network temperature–based methods.
5.3 Node Importance Ranking
To show that network temperature can be used to rank the nodes importance with respect to network load changes, we use the Abilene network’s historical data downloaded from maths.adelaide.edu.au/matthew.roughan/data/ as an example, where the same dataset was used in Reference [22]. Here, a node’s importance is defined as its influence on the other nodes under the current network load [23]. The topology of Abilene network is shown in Figure 7.
Fig. 7. The topology of Abilene network, which provides 24 weeks of 5-minute averages, 12 routers (12 \( \times \) 12 matrices).
We calculated the network temperature for each node through the first day’s data in the dataset. The duration of the calculation is 5 minutes, which is the minimum update duration provided in the dataset. For page limit, only the network temperatures in three time slots are provided in Table 2: (1) middle night, from 00:00 to 00:55; (2) morning, from 09:00 to 09:55; (3) afternoon, from 15:00 to 15:55, where in each row the nodes are listed in descending order according to their network temperatures. For example, the first row of Table 2 indicates that at the time 00:05 AM, node \(n_{12}\) has the highest network temperature followed by the nodes \(n_{11}\), \(n_{6},\ldots , n_{1}\).
Table 2. Node Importance Ranking According to the Node’s Network Temperature
When we use network temperature to measure a node’s importance in the Abilene network, Table 2 shows that a node’s importance varies with the network load changes. For comparison, we used two different approaches for determining the centrality of the nodes: an approach based on CC (Closeness Centrality) measurement and an approach based the EC (Eigenvector Centrality) measurement. The first identified node \(n_2\) is treated as the most important one, whereas the second identified node \(n_6\) is treated as the most important one. We note that those two approaches only use the network’s topology and thus are unable to take network load changes into account.
To judge Assertion 1 in Section 4.2, viz., with respect to packet transmissions in a network, a node with a high network temperature is more important than a node with a lower network temperature, the Susceptible-infected (SI) model, which was used as a reference model for the effectiveness of nodes ranking methods [23], is applied. Our SI model test results on the same dataset validate the insight that a node with higher network temperature is more important than another node with low network temperature. Furthermore, a group of nodes with higher average network temperature is more important than another group of different nodes with low average network temperature.
6 CONCLUSIONS
We propose the novel concept network temperature together with the notions of network-specific heat and network temperature gradient. The properties and applicability of network temperature, network-specific heat and network temperature gradient are systematically analyzed in the article, with conclusions supported by the numerical and/or the experimental results. As future work, we plan to explore other applications of our novel network measurement and management framework.
ACKNOWLEDGMENTS
Our graduate students Mr. Yao Wei and Ms. Qian Chen helped with some of the experiments in the article.
- [1] . 2016. Pathseer: A centralized tracer of packet trajectories in software-defined datacenter networks. In Principles, Systems and Applications of IP Telecommunications (IPTComm). IEEE, 1–9.
DOI : https://doi.org/10.1109/IPTComm39427.2016.7780246Google Scholar - [2] . 2017. Detection of DDoS attacks and flash events using novel information theory metrics. Comput. Netw. 116 (2017), 96–110.
DOI : https://doi.org/10.1016/j.comnet.2017.02.015 Google ScholarDigital Library
- [3] . 2015. An entropy-based network anomaly detection method. Entropy 17, 4 (2015), 2367–2408.
DOI : https://doi.org/10.3390/e17042367Google ScholarCross Ref
- [4] . 2012. Experimental verification of Landauer’s principle linking information and thermodynamics. Nature 483, 7338 (
Mar. 2012), 187–189.DOI : https://doi.org/10.1038/nature10872Google ScholarCross Ref
- [5] . 1956. Science and Infromation Theory. Academic Press, New York, NY.Google Scholar
- [6] . 2017. Note on Von Neumann and Reńyi entropies of a graph. Linear Algeb. Appl. 521 (2017), 240–253.Google Scholar
Cross Ref
- [7] . 2018. UniROPE: Universal and robust packet trajectory tracing for software-defined networks. IEEE/ACM Trans. Netw. 26, 6 (
Dec. 2018), 2515–2527.DOI : https://doi.org/10.1109/TNET.2018.2871213 Google ScholarDigital Library
- [8] . 2014. Secure data provenance compression using arithmetic coding in wireless sensor networks. In IEEE 33rd International Performance Computing and Communications Conference (IPCCC). IEEE, 1–10.
DOI : https://doi.org/10.1109/PCCC.2014.7017068Google ScholarCross Ref
- [9] . 1961. Irreversibility and heat generation in the computing process. IBM J. Res. Devel. 5, 3 (
July 1961), 183–191. https://doi.org/10.1147/rd.53.0183 Google ScholarDigital Library
- [10] . 2019. Offloading real-time DDoS attack detection to programmable data planes. In IFIP/IEEE Symposium on Integrated Network and Service Management (IM’19). 19–27.Google Scholar
- [11] . 2001. Entropy, Von Neumann and the Von Neumann entropy. In John von Neumann and the Foundations of Quantum Physics. Springer Netherlands, Dordrecht, 83–96.
DOI : https://doi.org/10.1007/978-94-017-2012-0_7Google ScholarCross Ref
- [12] . 2009. NetQuest: A flexible framework for large-scale network measurement. IEEE/ACM Trans. Netw. 17, 1 (2009), 106–119. Google Scholar
Digital Library
- [13] . 2007. Uncertainty and information: Foundations of generalized information theory (Klir, G.J.; 2006). IEEE Trans. Neural Networks 18, 5 (
Sept. 2007), 1551–1551.DOI : https://doi.org/10.1109/TNN.2007.906888 Google ScholarDigital Library
- [14] . 2017. Sensor network provenance compression using dynamic Bayesian networks. ACM Trans. Sen. Netw. 13, 1 (
Jan. 2017).DOI : https://doi.org/10.1145/2997653 Google ScholarDigital Library
- [15] . 2016. Dictionary based secure provenance compression for wireless sensor networks. IEEE Trans. Parallel Distrib. Syst. 27, 2 (
Feb. 2016), 405–418.DOI : https://doi.org/10.1109/TPDS.2015.2402156 Google ScholarDigital Library
- [16] . 2016. Provenance for wireless sensor networks: A survey. Data Sci. Eng. 1, 3 (
01 Sep. 2016), 189–200.DOI : https://doi.org/10.1007/s41019-016-0017-xGoogle ScholarCross Ref
- [17] . 2015. An entropy-based distributed DDoS detection mechanism in software-defined networking. In IEEE Trustcom/BigDataSE/ISPA, Vol. 1. IEEE, 310–317.
DOI : https://doi.org/10.1109/Trustcom.2015.389 Google ScholarDigital Library
- [18] . 2001. Internet traffic measurement. IEEE Internet Comput. 5, 6 (
Nov. 2001), 70–74.DOI : https://doi.org/10.1109/4236.968834 Google ScholarDigital Library
- [19] . 2009. Using Renyi cross entropy to analyze traffic matrix and detect DDoS attacks. Inf. Technol. J. 8 (2009), 1180–1188.Google Scholar
Cross Ref
- [20] . 2019. Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput. 22, S4 (July 2019), 8309–8317.
DOI : https://doi.org/10.1007/s10586-018-1755-5Google ScholarCross Ref
- [21] . 2017. Trustworthy data: A survey, taxonomy and future trends of secure provenance schemes. J. Netw. Comput. Applic. 94 (2017), 50–68.
DOI : https://doi.org/10.1016/j.jnca.2017.06.003 Google ScholarDigital Library
- [22] . 2005. Network anomography. In 5th ACM SIGCOMM Conference on Internet Measurement. ACM Press, New York, New York, 317–330.
DOI : https://doi.org/10.1145/1330107.1330146 Google ScholarDigital Library
- [23] . 2020. A novel model to identify the influential nodes: Evidence theory centrality. IEEE Access 8 (2020), 46773–46780.
DOI : https://doi.org/10.1109/ACCESS.2020.2978142Google ScholarCross Ref
Index Terms
Network Temperature: A Novel Statistical Index for Networks Measurement and Management
Recommendations
Studies on network management system framework of campus network
CAR'10: Proceedings of the 2nd international Asia conference on Informatics in control, automation and robotics - Volume 2With the development of the computer network, and the great change in the demands of network management, any Network Management System is a process of development and perfection. Therefore, designing a rational system structure is the foundation to ...
Network Management Framework Based on Active Network Technique
CMC '09: Proceedings of the 2009 WRI International Conference on Communications and Mobile Computing - Volume 03The Active Networks approach has been presented as an alternative technology for solving several problems in conventional networks, mainly in the network management area. In this paper, we present an Active Network-based network management framework ...
A Use-Case Based Analysis of Network Management Functions in the ONF SDN Model
EWSDN '12: Proceedings of the 2012 European Workshop on Software Defined NetworkingThe concept of software-defined networking (SDN) recently gained huge momentum in the industry, driven mainly by IT companies interested in data center applications. In this paper, however, we apply SDN to the carrier domain, which poses additional ...













Comments