CMON

Acronym C’MON
Proposal title Collaborative Monitoring
Proposal title Métrologie Collaborative


Technical and scientific description of the activities

Rationale

The Internet is the aggregation of competing and independently-managed networks that rely on centralized services such as naming service (DNS) and address allocation to ease interaction. This distributed nature makes it difficult to identify the origin of performance degradations experienced by end-users. Internet Service Providers (ISPs) know what happens in their network, but they have no easy way to relate their observations to users’ experience. In addition, most ISPs would rather not admit they failed to deliver services to their customers in order to avoid compensation or service comparison. End-users on their own have very limited tools to determine why they experienced degraded quality of service, how to fix it or who to blame for it.


An Internet user today is therefore lost in a hostile environment where ISPs do not cooperate with each other and where it is risky to trust information provided by the user’s own ISP. Therefore, Internet users are left with only one option: cooperate in order to infer the origin of service degradations. This user-based collaborative approach is radically different from previous (ISP-centric) monitoring projects for multiple reasons: (1) its goal is to identify service degradation experienced by users; (2) it makes the assumption that ISPs are not cooperative; (3) it builds on the model of user cooperation illustrated by the success of Grenouille (http://www.grenouille.com).


This industrial research project will develop the technology that is needed to allow end-users to collaborate in order to identify the origin and cause of Internet service degradation. The main differentiating assumptions we make in this project are that (i) ISPs do not cooperate with each other, and (ii) we cannot rely on any information they provide in order to diagnose service problems. Even more, we consider that these ISPs will try to distort the user observations in order to make their service look better. The software designed in this project will be added to the toolbox currently provided by the Grenouille project. We hope that such a project will encourage ISPs to improve their quality of service and will contribute to improving customer satisfaction.

Background, state of the art, issues and hypothesis

The general context of this project proposal is that of end-users (connected to multiple ISPs) cooperating in order to perform root cause diagnosis of the quality of service degradation they experience. Such quality of service degradations can take the form of increased delay, reduced bandwidth or loss of connectivity.


Each participating end-user runs a C’MON monitor on its machine, in the same way they run the Grenouille toolbox today. This monitor performs the following tasks:

  • Identify and characterize service degradation through passive and active measurement techniques.
  • Exchange information with other users in order to identify the location and cause of service degradation.
  • Track ISP behavior, in order to identify when the ISP tries to hide the service degradation, and adapt its monitoring techniques accordingly.

The potential of user collaboration in performance analysis is illustrated by the “Grenouille” project. Grenouille.com is a non-profit organization created in 1999 to provide a neutral and simple way to compare French high speed ISPs and inform end users. End users download the Grenouille free software, which allows them to measure the speed at which they can download from the Internet or upload to the Internet, the ICMP response time and packet loss, and whether connectivity outages occur. Grenouille currently does not exploit cooperation among Internet users, except that data collected by all end systems are exported and key statistics are computed per ISP and per geographical location, and published on the Grenouille.com web site. Such data already reveals that some networks are under-provisioned, and can help consumers decide which operator fits their needs the best. Grenouille designers report that non-cooperative ISP behavior is the norm and not the exception. This behavior can take multiple forms:

  • Privilege Grenouille’s traffic in order to make numbers look good.
  • Block Grenouille’s measurement traffic.
  • Mask the problems affecting their network in order to make another ISP look bad.

Other similar services are available. For example, RIPE TTM (http://www.ripe.net/ttm/) and Keynote (http://www.keynote.com) are commercial monitoring services that collect statistics on network performance. They identify potential causes of service degradation. These systems do not rely on data collected at end users, but instead on their own monitors, which are deployed on the network of participating ISPs. The RIPE TTM project has recently been extended to monitor users’ access connections [40], similar in spirit to Grenouille. None of the current services take advantage of correlating measurements from multiple locations, which is the goal of C’MON.


C’MON relies primarily on active and passive monitoring techniques. Data collected by each user are merged in order to perform the most accurate diagnosis of service degradation. We now give an overview of the most relevant work in the area of monitoring, which has attracted a lot of research in the last decade. Note though that C’MON is, to the best of our knowledge, the first research project to take an end-user approach to service degradation and fault diagnosis.


Measurements of properties of network paths

Activities related to network measurement methodology that are relevant to our project started in the mid 80's with the development of ping by Mike Muuss in 1983 and of traceroute by Van Jacobson in 1987. In 1993, Jean Bolot measures delays and losses between two end-users using periodic UDP packets [6]. In 1997, Vern Paxson uses traceroute to analyze the dynamics of Internet routes [29] and in 1999, he uses the PASTA (Poisson Arrivals See Time Average) property to send Poisson probes for analyzing packet transmission delays and losses [30]. The identification of strategies for sending probes leading to estimators with no bias and the smallest possible variance has been the object of a large number of research papers since then. In 2006, Baccelli et al. propose new probing strategies still characterized by the absence of bias, but with a variance smaller than that of Poisson probes [1].


In addition to delay, losses and routing dynamics, end-to-end measurements have made it possible to deduce other properties of the monitored links, like available bandwidth, total link capacity or cross-traffic. In 1989, Jain proposes to identify the saturation of a link through an increase of delays in order to measure available bandwidth [20]. Van Jacobson [19], Downey [12] and Pásztor [28] propose methods for analyzing link capacities from the delays observed by packets of different sizes. Carter [7], Lai [24], Paxson [30], Dovrolis [11], Pásztor [28] and Kapoor [21] use the dispersion of packet pairs to estimate the capacity of bottleneck links. Methods based on inversion techniques have also been proposed by Machiraju et al. It has been shown that these estimation problems are especially difficult in the case of multiple links over the end-to-end path.


These probing techniques have been extended in various ways and in particular in the direction of both time and space diversity. Time diversity consists in sending trains of probes rather than isolated probes. A typical example is Spruce [32] which estimates bandwidth over an Internet path by sending multiple pairs of packets and by comparing the delays between the two packets of each pair.


Network tomography

Network measurement based on spatial diversity, also known as network tomography, consists in sending several synchronized flows of probes from/to different nodes rather than a single flow. There are a number of tomography solutions to detect network internal characteristics such as topology [10], or individual link properties such as delay or loss [8], [13], [36], [43], [44]. “Boolean tomography” [14] aims at detecting the smallest set of failed links that explains a set of end-to-end observations on a tree topology. Steinder et al. [31] use a “belief network” to find the links that have the highest likelihood of being faulty. All these algorithms assume that the topology is completely and accurately known, and hence apply mostly to intra-domain scenarios. They also assume that the system has control of both the sender and the receiver of probes, which limits the set of paths that can be monitored. Other proposals for failure identification use Bayesian techniques [23], [22], [27].
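As an added illustration of the Boolean tomography idea described above (this is not code from the proposal or from [14]): a greedy set-cover approximation that picks a small set of links explaining which end-to-end paths failed. The topology, node names and observations are constructed, the greedy heuristic stands in for the exact algorithm of [14], and it accepts arbitrary path sets rather than only trees.

```python
from typing import Dict, List, Set, Tuple

Link = Tuple[str, str]


def path_links(hops: List[str]) -> Set[Link]:
    """Turn a hop list (as traceroute would report it) into directed links."""
    return set(zip(hops, hops[1:]))


def boolean_tomography(paths: Dict[str, List[str]],
                       reached: Dict[str, bool]) -> List[Link]:
    """Return a small set of links whose failure explains every failed path.

    Boolean model: a path works only if all of its links work, so any link
    that appears on a working path is good. The remaining links are
    candidates, chosen greedily by how many unexplained failed paths they
    cover (ties broken by link name, so the result is deterministic).
    """
    good: Set[Link] = set()
    for name, hops in paths.items():
        if reached[name]:
            good |= path_links(hops)

    unexplained: Dict[str, Set[Link]] = {}
    for name, hops in paths.items():
        if not reached[name]:
            candidates = path_links(hops) - good
            if not candidates:
                # Every link of this failed path also carries a working
                # path: the reports contradict each other (bad topology
                # data, or probes that were treated differently).
                raise ValueError(f"inconsistent observation on path {name}")
            unexplained[name] = candidates

    chosen: List[Link] = []
    while unexplained:
        cover: Dict[Link, int] = {}
        for candidates in unexplained.values():
            for link in candidates:
                cover[link] = cover.get(link, 0) + 1
        best = max(sorted(cover), key=cover.get)
        chosen.append(best)
        unexplained = {n: c for n, c in unexplained.items() if best not in c}
    return chosen


# Constructed topology: four users reach server S through two aggregation
# routers (r1, r2) and a shared core.
PATHS = {
    "u1": ["u1", "a1", "r1", "core", "S"],
    "u2": ["u2", "a2", "r1", "core", "S"],
    "u3": ["u3", "a3", "r2", "core", "S"],
    "u4": ["u4", "a4", "r2", "core", "S"],
}

if __name__ == "__main__":
    # u1 and u2 lose connectivity while u3 and u4 still reach S: the one
    # link shared only by the failed paths is blamed.
    print(boolean_tomography(
        PATHS, {"u1": False, "u2": False, "u3": True, "u4": True}))
    # u1 and u3 fail independently: two links are needed, and the choice
    # between a user's access link and the next hop is an arbitrary
    # tie-break because no other path can tell them apart.
    print(boolean_tomography(
        PATHS, {"u1": False, "u2": True, "u3": False, "u4": True}))
```

The `ValueError` branch is the case where two users report contradictory results over the same links, which the Boolean model cannot explain with any set of failed links.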


In the absence of topology information, delay measurements among nodes have been used to calculate virtual coordinates for each node, that can be used later to infer the delay between any two nodes without the need to probe one of them from the other. Virtual coordinates can be seen as a way to model the topology of the Internet in a metric space. This has diverse applications, such as overlay construction and automatic service selection. Diverse approaches have been proposed to realize this modeling; some such as GNP [38] use a dedicated infrastructure of landmarks while others such as Vivaldi [39] use a completely distributed approach.


Routing measurements

Several measurement studies have also attempted to correlate end-to-end performance degradation with control-plane events. Feamster et al. [15] measure the location of path failures, their durations, and their correlation with routing protocol messages. More recently, Wang et al. [37] studied the causal effects between routing failures and end-to-end delays and loss rates, and the effect of topology, routing policies and BGP configurations on end-to-end performance. These measurement studies represent a significant contribution to understanding the causes of end-to-end performance problems in a multi-AS setting, but they do not propose algorithms to identify the location of failed links (or the AS in which the failed link resides).


In the area of inter-domain routing root-cause analysis, Feldmann et al. [17] used passive measurements of BGP update messages to find the root-cause of BGP-visible routing changes. This approach can only diagnose path failures that are visible at some BGP collection points. The issue of “cooperative troubleshooting” was first discussed by Teixeira [33] and Chandrashekhar [9]. Both works deal with identifying routing problems in a hop-by-hop fashion by mining a collection of IGP and BGP messages of each AS in the path. We do not consider techniques that rely on routing messages, because these messages are only available through cooperation with ISPs, and hence cannot be obtained or trusted in the case of hostile ISPs.


Path diagnosis

Tulip [41] and PlanetSeer [42] are two deployed systems for Internet path diagnosis. Tulip [41] is an active measurement tool that an end user can download to detect and locate performance degradations on paths to any destination in the Internet. Tulip uses active probes to measure end-to-end packet re-ordering, loss, and queuing. Then, it localizes performance faults using TTL-limited probes (similar to traceroute).


PlanetSeer [42] is installed at CDN nodes and monitors connections to the CDN, instead of end-user traffic. It detects faults passively, upon which it triggers traceroutes. Passive monitoring of TCP connections drastically reduces probing overhead, but it does not allow the system to control the set of monitored paths. C’MON will integrate passive monitoring of TCP connections when possible to reduce probing overhead.


Traffic anomaly detection

Traffic anomalies such as denial-of-service attacks and worms can be the cause of service degradation. C’MON will incorporate anomaly detection techniques, so that users can collaborate to detect and mitigate attacks. Anomaly detection has recently received a lot of attention. In SNORT, which belongs to the Intrusion Detection Systems (IDS) family, each packet is matched against a complex set of rules in order to detect its anomalous nature. The IDS approach has been very successful against known attacks but is often inefficient against new attacks. Zou et al. [35] proposed a “behavioural” approach to worm detection. Namely, they tuned a Kalman filter to detect the infection phase of a worm using a model borrowed from the spread of human viruses. This model does not match a particular worm but is instead targeted at a behavior shared by many worms. This method effectively detects worms never seen before. Some other methods do not include any prior assumption about the anomaly to detect. They only tag as aberrant any large deviation from a predefined model. As an example, Barford et al. [4] use a combination of wavelet and variance analysis to detect abnormally high volume of traffic flowing through their Internet connection. Lakhina et al. [25] introduced the concept of network-wide anomaly detection. Instead of looking at each link independently, all the links are analyzed simultaneously. The network-wide view of the network correlates measurements from many points to detect smaller-scale attacks.


Related national projects

Network measurement has been explored by different RNRT-ANR projects. In 2001 an exploratory project, Metropolis, modeled on the pioneering work performed at Sprintlabs, started to collect both active and passive measurements from various observation points in academic networks. This project explored the important question of how to monitor today’s high-speed networks. Inside this project the last work package, “Mesure de SLA et tarification” (SLA measurement and pricing), gave some initial recommendations on how to measure SLAs.


Shortly before the end of Metropolis, the French ministry of research labeled a new project called Metrosec. The goal of this project was to improve the robustness and insensitivity of the networks with respect to disruptions in traffic characteristics and topology, so that the quality of service experienced by the vast majority of the legitimate traffic remains unaltered, even in the case of an attack. They studied different attacks generated by the participants of the project. Furthermore, they provided a thorough signal analysis of the anomaly, leaving the study of the service degradation experienced by the customer for later work.


OSCAR (Overlay Network Security, Characterization and Recovery) is an on-going French RNRT project. It aims at identifying the possible attacks against overlays, their impact on both the overlay and the underlying network, and then techniques for their detection and isolation. This project shares the notion of service degradation with C’MON but is specific to overlays and to anomalies caused by attacks and malicious behavior.

 

The MAGDA and MAGDA 2 RNRT projects (1998-2001) were focused on alarm correlation, supervision and diagnostic techniques, knowledge acquisition and distributed algorithms for monitoring telecommunications networks. These two projects were primarily focused on SDH networks and had an operator-centric view point of the alarm correlation problem.


What radically differentiates C’MON from these earlier projects is that it is 100% end-user based. In C’MON, we do not rely on any measurements taken inside the network. We assume by default that the ISPs are non-cooperative or even hostile, and we rely only on end-user measurements to perform diagnosis of network behavior.


Scientific challenges

The scientific challenges to be addressed by this project are the following:

  1. Elaborate techniques to monitor network paths that allow accurate evaluation of properties such as bottleneck bandwidth, spare capacity, delay, and availability; while introducing negligible measurement load.
  2. Design a collaborative overlay among users, such that the observations made by the overlay are enough to infer the state and the load of individual network elements. This inference will rely on network tomography techniques. Moreover, these techniques will have to be scalable to large populations of participating users and work even when ISPs are hostile.
  3. Design collaborative filtering techniques to allow users to share their observations of unwanted / suspicious traffic. As a result, users will be able to block attacks or misbehaving traffic earlier and more accurately.
  4. Detect non-cooperative ISPs and correct the induced measurement bias to enable the diagnosis of anomalies across multiple ISPs.

Specific aims of the proposal, highlighting the originality and the novelty

The previous section identifies the scientific challenges and goals of C’MON. We expect to make fundamental progress in the area of Internet service quality monitoring and management techniques. This project takes a radically new and fundamentally different approach to the problem of network troubleshooting, with a very high potential to change the way ISPs behave and to improve customers’ experience of Internet services.


As we explained previously, a user-centric approach to network troubleshooting has many benefits. It is however not entirely antagonistic with an operator-centric approach. In fact, an ISP could deploy the mechanisms that we will develop in C’MON in Internet home gateways (such as TriplePlay gateways) at its customer premises, and thereby offer its customers a better experience and a “managed” troubleshooting service. However, we do not believe that such an initiative will come spontaneously from the ISPs. We believe that the user-centric approach proposed in C’MON could have a considerable impact, by enabling:

  • technical advances in single-user and overlay measurements;
  • better user experience of Internet services;
  • finer-grained contracts (or SLAs) between users and their ISPs;
  • deployment of new Internet services, in the TriplePlay area in particular;
  • development of new businesses around Internet management;
  • efficient monitoring of the Internet.

C’MON involves Grenouille, the most advanced experimental system in user-based Internet performance evaluation. Grenouille has solid experience in user-based performance evaluation, with over 100,000 users participating daily. This is a strong asset of this project. Most partners are leaders in measurement-based research. They have access to data from multiple networks, simulators and experimental platforms that can be used to validate the C’MON system designs.


C’MON will start with a work package (WP0) to define the architecture of the system. In this WP, partners will identify the network properties to be measured at each end system, and the metrics and monitoring techniques that can be used in order to quantify these network properties. This WP will lead to three major functional blocks (and work packages, WP1-WP3), each of them representing different scientific challenges:

  • Design and implement end user initiated monitoring techniques using both active and passive techniques (WP1).
  • Design and implement cooperative monitoring techniques in order to perform the most accurate possible performance diagnosis at minimal cost in the presence of non-cooperative ISPs (WP2).
  • Design and implement a module to detect the behavior of the ISP (WP3). From Grenouille’s experience, we expect ISPs to use two main types of “attacks” against our troubleshooting system: (1) prevent us from performing our troubleshooting by blocking our probes, (2) trick our performance evaluation (making them look better, or shifting the blame for poor service to another ISP).

Last, we will combine all these building blocks in a troubleshooting toolbox that will be integrated into the current Grenouille performance evaluation service (WP4). We will finally collect data and analyze the correctness of our troubleshooting system.

Progress beyond the state of the art and relevance to the call for proposals

Progress

The quality of service experienced by an Internet user is the result of a complex interaction of many protocols, services and systems. Given the absence of sophisticated management on the Internet, it is difficult both for ISPs and users to diagnose the cause of service degradation. In addition, ISPs are not ideally placed to perform such diagnosis. They have (1) a commercial incentive not to do it (or reveal its conclusions) and (2) they lack information on quality of service experienced by end-users.


In C’MON, we design a user-based network management and performance diagnosis infrastructure. C’MON increases the availability of the network by combining three complementary approaches:

  • Spatial inference using tomography methods and a collaborative overlay. The self-organized network is responsible for measuring the end-to-end path performance between different nodes. This overlay runs distributed algorithms and infers internal network properties such as available bandwidth, link availability or delay, using exclusively user-centric representations of the network.
  • Temporal traffic analysis to identify the threats against the measurement overlay. Every day, a new worm is released, a new spam technique bypasses the most accurate spam filters, new phishing campaigns gather private information. We will use the overlay in combination with privacy-preserving multi-set computation techniques to identify threats and protect the end users.
  • Measurement robustness against hostile service providers is an important component in such a competitive environment. The neutrality of the Internet Service Provider will be measured to ensure that the probes are not altered.

Relevance to the call

C’MON is perfectly in line with the first, third and fourth axes of the call. The importance of a user-centric approach is emphasized in the first axis. C’MON develops a new monitoring service that gives a central role to end users. In particular, Topic 1.3 of the call explicitly references methods for management, monitoring, and fault diagnosis. A monitoring system like C’MON is an essential step for self-organizing and self-management architectures highlighted in Topic 3.1 of the call. These self-organizing systems need exactly the knowledge of the network that C’MON will provide. Finally, C’MON takes particular care to develop monitoring techniques that are robust to hostile ISPs and that help users detect attacks and collaborate to defend against them. These robustness and security properties are the focus of the fourth axis.

Detailed description of work

Work package list


| WP # | Title | Leader # | Lead name | Person-months | Start month | End month |
|---|---|---|---|---|---|---|
| 0 | Analysis of the design space. | 4 | INRIA | 27 | t0 | t0+6 |
| 1 | End-host monitoring techniques | 2 | ENS | 57 | t0 | t0+24 |
| 2 | Collaborative monitoring | 3 | LIP6 | 65 | t0+6 | t0+30 |
| 3 | Inconsistent diagnosis detection | 1 | THOMSON | 38 | t0+6 | t0+30 |
| 4 | Integration | 5 | GRENOUILLE | 49 | t0+24 | t0+36 |
| TOTAL | | | | 236 | | |

The work will be divided into five work packages. WP0 exhaustively identifies the metrics of interest, the existing monitoring techniques for each metric, and how ISPs can bias these measurements. This work package delineates the design space of the techniques that will be developed in WP1, WP2, and WP3. WP1 will focus on point-to-point techniques, or techniques to measure path properties from one end host to another. WP1 can start at t0 because some of the measurement and inference techniques are already known. Once WP0 identifies the need for new techniques, they will be incorporated in WP1.

WP2 and WP3 run in parallel. In contrast to WP1, WP2 focuses on collaborative measurements, or measurements among a set of end hosts organized in an overlay. WP3 elaborates techniques to detect whether the ISP is hostile. WP4 will integrate the techniques developed in C’MON into the grenouille.com toolbox. It will define the control loop that uses information about the behavior of the ISP, obtained using the techniques from WP3, to identify which of the techniques from WP1 and WP2 are better suited to obtain the most accurate results with the least overhead. There is an overlap between these work packages, as the integration will certainly enrich and help improve the different monitoring techniques.


WP 0: Analysis of the design space.

Start date: t0
End date: t0+6

| Participant number | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Participant name | Thomson | ENS | LIP6 | INRIA Planète | Grenouille |
| Person-months per participant | 6 | 6 | 5 | 4 | 6 |

Objectives


The objective of WP0 is to identify the list of techniques that can be used to measure “service quality” metrics and troubleshoot service degradations. We will survey the state of the art on end-to-end and collaborative measurements to infer each metric of interest. WP 1 and WP 2 will enhance and combine these techniques, and create new ones when needed. We will also study the robustness of each measurement technique to a hostile ISP.

Task 0.1: Survey of end-to-end and collaborative measurement techniques

Partners: LIP6, Thomson, INRIA, ENS, Grenouille


Start date: t0+0 End Date: t0+6

The output of this task will be a four-dimensional matrix of measurement techniques:

  1. The first dimension lists all metrics of interest. Examples of metrics are end-to-end delay, reachability, bottleneck capacity, and topology. Defining the full list of metrics is also part of this task.
  2. The second dimension will capture all available techniques to measure each metric. For instance, one can measure end-to-end delay actively by sending a ping probe, passively by observing TCP connections, or in a collaborative fashion as done with a virtual coordinate system.
  3. The third dimension represents techniques to identify service degradations in each metric. For example, if an end-to-end path experiences extremely high delay, it is possible to identify the link responsible for the high delay by doing traceroute-like probes or by combining measurements of multiple paths and using network tomography techniques.
  4. The fourth dimension will enumerate how a hostile ISP can bias each measurement technique. For example, an ISP that wants the delay of our probes to look better than the delay experienced by regular users’ traffic may give higher priority to our ping probes, but it would be harder to prioritize all TCP connections. In this case, passive measurements are clearly more robust than active ones.
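The ping-prioritization case in the fourth dimension can be checked from the end host by comparing active probe delays with delays observed passively on regular TCP connections to the same destination. The following is an added example, not code from the proposal or from the Grenouille software; the RTT samples, thresholds and function names are constructed assumptions.

```python
import math
from statistics import median
from typing import Dict, List


def mann_whitney_z(a: List[float], b: List[float]) -> float:
    """z-score of the Mann-Whitney U statistic for sample a against b.

    Strongly negative values mean the values in a tend to be smaller than
    those in b. Uses average ranks for ties and the normal approximation
    without tie correction, which is adequate for a screening test.
    """
    combined = sorted([(v, 0) for v in a] + [(v, 1) for v in b])
    rank_sum_a = 0.0
    i, n = 0, len(combined)
    while i < n:
        j = i
        while j < n and combined[j][0] == combined[i][0]:
            j += 1
        avg_rank = (i + 1 + j) / 2  # mean of the 1-based ranks i+1 .. j
        rank_sum_a += avg_rank * sum(1 for k in range(i, j)
                                     if combined[k][1] == 0)
        i = j
    na, nb = len(a), len(b)
    u_a = rank_sum_a - na * (na + 1) / 2
    mean_u = na * nb / 2
    sd_u = math.sqrt(na * nb * (na + nb + 1) / 12)
    return (u_a - mean_u) / sd_u


def probe_bias(active_ms: List[float], passive_ms: List[float],
               z_crit: float = -2.33, min_gap_ms: float = 5.0) -> Dict:
    """Flag active probes that are faster than regular traffic.

    active_ms:  RTTs of ping-style probes to a destination.
    passive_ms: RTTs seen on ordinary TCP connections (for instance the
                SYN to SYN/ACK delay) to the same destination.
    A flag needs both statistical evidence (one-sided test, about 1%) and
    a median gap above min_gap_ms, because a small constant offset between
    ICMP and TCP handling is normal even on a neutral path.
    """
    z = mann_whitney_z(active_ms, passive_ms)
    gap = median(passive_ms) - median(active_ms)
    return {"z": z, "gap_ms": gap,
            "biased": z <= z_crit and gap >= min_gap_ms}


# Constructed samples (milliseconds). On the neutral path probes and
# regular traffic see the same delays; on the prioritised path the probes
# skip a congested queue that regular traffic has to wait in.
NEUTRAL_ACTIVE = [31.2, 30.8, 32.1, 33.0, 30.5, 31.9, 32.4, 31.1, 30.9, 32.7]
NEUTRAL_PASSIVE = [31.5, 32.0, 30.7, 33.4, 31.0, 32.2, 31.8, 30.6, 32.9, 31.3]
PRIORITISED_ACTIVE = [18.1, 17.9, 18.4, 18.0, 18.3, 17.8, 18.2, 18.5, 18.0, 18.1]
PRIORITISED_PASSIVE = [41.0, 55.3, 38.7, 62.1, 44.9, 39.5, 70.2, 47.3, 52.8, 43.6]

if __name__ == "__main__":
    print("neutral:    ", probe_bias(NEUTRAL_ACTIVE, NEUTRAL_PASSIVE))
    print("prioritised:", probe_bias(PRIORITISED_ACTIVE, PRIORITISED_PASSIVE))
```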

Controlling the risk:


We could not identify any risk on this WP. All partners already have a good knowledge of measurement techniques and Grenouille has a lot of experience with hostile ISP behavior.


Deliverables

D0.1 (month 6): Survey of end-to-end and collaborative measurement techniques

Milestones and expected result

M0.1 (month 6): End of matrix of measurement techniques

WP 1: End-host monitoring techniques

Start date: t0
End date: t0+24

| Participant number | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Participant name | Thomson | ENS | LIP6 | INRIA Planète | Grenouille |
| Person-months per participant | 18 | 12 | 13 | 10 | 4 |

Objectives


This work package focuses on measurement and inference techniques to be implemented locally on end-user machines. We shall design measurement strategies for end-users, and statistical inference techniques to estimate quantities of interest from such measurements. We shall in particular consider the inference of end-to-end delay, packet loss rate, available bandwidth (on both the up-link and the down-link), network topology and reachability.


Such local inferences done by end-users can then be combined together to perform further inferences; this is the object of WP2. WP1 thus provides the building blocks of WP2.


We shall explicitly measure how such performance indices vary from one application to another. This first serves the purpose of identifying the “best” possible performance in the absence of any application-specific bias. Furthermore, this will be leveraged in WP3 to identify whether ISPs apply differential treatment to distinct traffic flows or whether on the contrary they are “traffic-neutral”.


We shall specify passive and active measurements to be exploited at end-users. We shall jointly develop inference techniques that yield estimates with small variance, and little bias. Particular care will be taken to remove bias caused by the extra probing traffic generated by active measurements.



Task 1.1: Development of direct measurement techniques

Partners: LIP6, Thomson, INRIA, ENS, Grenouille


Start date: t0+0 End Date: t0+12

We aim to design passive and active measurements of primary metrics of interest such as end-to-end delays to a given network element, packet loss rate on the path to this network element, topological information, and reachability information.

We shall specify which passive measurements to exploit, that is which observations of end-users’ traffic to leverage.

We shall further define active measurement strategies that achieve a good trade-off between the amount of extra traffic they generate and the accuracy of the information they provide.

To this end, we shall characterize the accuracy of these techniques with respect to clock accuracy, OS interactions, and underlying transport protocol.


Task 1.2: Development of statistical inference techniques

Partners: Thomson, ENS


Start date: t0+6 End Date: t0+24

Our aim in this task is to extract locally at the end-user useful information from the measurements defined in Task 1.1.

From these direct measurements, we shall develop techniques to infer properties of interest such as the residual bandwidth, amount of cross traffic, number of competing users, fine-grained network topology, and load on the DSLAM. We shall also characterise the accuracy at which such inference can be performed locally. This will pave the way to WP2, where better accuracy will be achieved by combining local inferences from multiple end-users.


Task 1.3: Evaluation of application-specific bias

Partners: LIP6, Thomson, ENS, Grenouille


Start date: t0+12 End Date: t0+24

Our aim here is to characterize the bias introduced in direct measurements by the underlying transport protocol (e.g. TCP or UDP), or by the application (e.g. peer-to-peer file sharing or FTP). We will design protocol models and analyses to remove the bias introduced by one protocol against another. As a result we will be able to characterize performance under one protocol based on measurements under another.

We will specify multi-application measurements and inference tools to determine whether an application receives better throughput than another, all other things being equal. This will pave the way for WP3, where such information will be leveraged to determine how ISPs prioritize distinct traffic types.


Controlling the risk:

The known “debiasing” techniques for data collected by probes often rely on some form of complementary measurements made by the ISP. A new theoretical framework will have to be designed to cope with the situation where the ISP is 'non-cooperative' and where such complementary data is not directly available.


Deliverables

D1.1 (month 12): Description of direct measurement techniques and corresponding primary metrics.

D1.2 (month 24): Description of inference techniques for metrics of interest.

Milestones and expected result

M1.1 (month 18): Identification of metrics that can be locally inferred.

M1.2 (month 24): Identification of bias- and variance-efficient inference techniques.

WP 2: Collaborative monitoring

Start date: t0+6
End date: t0+30

| Participant number | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Participant name | Thomson | ENS | LIP6 | INRIA Planète | Grenouille |
| Person-months per participant | 24 | 12 | 15 | 10 | 4 |

Objectives

This work package will design a collaborative monitoring overlay to diagnose service degradations. Not all service degradations are due to poor performance of the network; some problems may happen because the user’s traffic is competing with unwanted traffic (for instance, the user’s machine may be subject to an attack, or it may participate in a peer-to-peer network that is consuming too much of its bandwidth). We will construct a collaborative overlay that addresses both of these types of problems. This collaborative overlay will evolve from the current Grenouille software, which has servers located at a management site and multiple agents that run at end hosts. WP 1 will enhance agents to collect a new set of path properties with the least overhead. WP 2 focuses mainly on the tasks of the server to combine these measurements efficiently. It will develop:

  1. Mechanisms that each server will apply to configure agents to detect service degradations and communicate measurements back to the server. The challenge is to minimize measurement overhead without sacrificing detection speed and accuracy. Similarly, it is important to minimize communication with the server without losing identification accuracy.
  2. Algorithms that the server will use to process combined measurements from all agents and identify the origin of a performance problem. We will use network tomography to explore the spatial correlation among measurements of paths from different agents.
  3. Algorithms to identify unwanted traffic that impacts the user’s experience, and mechanisms for collaborative filtering of unwanted traffic. Identification of unwanted traffic will rely on statistical techniques to detect any pattern that deviates significantly from the global traffic pattern. Agents will send appropriate information about unwanted traffic to the server, which will then process and distribute this information to protect end users from emerging threats.

All algorithms and mechanisms developed in WP 2 will be implemented and evaluated in small-scale deployments using the VINI emulation platform and the PlanetLab and OneLab testbeds, before they are integrated into Grenouille in WP 4. The evaluation of the collaborative monitoring overlay will include a study of the trade-off between benefit and complexity.

Task 2.1: Detection of service degradation

Partners: LIP6, Thomson, INRIA, ENS


Start date: t0+6 End Date: t0+18

The server must configure agents to perform a set of measurements, detect service degradations, and then feed relevant information back to the server. This task will design the logic that the server uses to configure agents. The server will use the techniques developed in WP 3 to determine whether the ISP is hostile and choose which measurements to make accordingly. One important concern in this task is scalability. If the number of agents in C’MON is large, the number of potential paths to monitor can be prohibitively high. This task will develop algorithms to select the set of paths and metrics to measure to ensure fast detection and accurate identification of the origin of performance problems. The measurements obtained from this task will be used in the rest of this work package.


Task 2.2: Identification of the origin of service degradations

Partners: LIP6, Thomson, INRIA, ENS


Start date: t0+12 End Date: t0+30

Once the server collects measurements from agents, it has to correlate them to identify the origin of service degradations. For instance, the congestion of one link in a network will cause a delay increase for all probes crossing that link. Given the set of delayed probes, one can invert the problem and localize the congested link. This example illustrates the main idea behind network tomography, which we will apply in this task. Although there have been many previous studies in network tomography, they often make a number of assumptions that are not valid in our environment, for instance: knowledge of the network topology, control of the source and destination of probes, and synchronization between probes. In addition, given the large number of potential paths to probe, it is unreasonable to actively probe them all. So, we will have to develop techniques that can work with partial and passive observations. We will use virtual-coordinate systems, which provide an efficient approach to reduce the number of probes. This task will also develop the server’s logic to correlate the traffic statistics reported by agents to detect unwanted traffic. For example, the release of a new worm should trigger an alarm because there will be a significant increase in the traffic to the port used by the worm to infect other machines.
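The inversion described above, as an added example that is not part of the proposal or of the Grenouille software: a small Boolean tomography routine that marks paths as degraded from their delay samples and then searches for the smallest sets of links that explain them. It assumes hop-level paths are known (which the text notes is not always the case); the path names, link names, delay samples and thresholds are all constructed for illustration.

```python
from itertools import combinations
from statistics import median

# Constructed sample data: hop-level paths as lists of link names.
PATHS = {
    "agentA->srv": ["a-r1", "r1-r2", "r2-srv"],
    "agentB->srv": ["b-r1", "r1-r2", "r2-srv"],
    "agentC->srv": ["c-r3", "r3-r2", "r2-srv"],
    "agentA->web": ["a-r1", "r1-r4", "r4-web"],
}
# Constructed delay samples in milliseconds (baseline period and current period).
BASELINE = {
    "agentA->srv": [20, 22, 21], "agentB->srv": [30, 31, 29],
    "agentC->srv": [25, 24, 26], "agentA->web": [15, 16, 15],
}
CURRENT = {
    "agentA->srv": [80, 95, 78], "agentB->srv": [90, 88, 120],
    "agentC->srv": [26, 25, 40], "agentA->web": [15, 17, 16],
}


def degraded_paths(baseline_ms, current_ms, factor=1.5, floor_ms=10.0):
    """Paths whose median delay rose by more than `factor` and `floor_ms`.

    Medians are used so that one late probe (see agentC) does not flag a path.
    The two thresholds are assumptions of this example.
    """
    out = set()
    for path, samples in current_ms.items():
        base, now = median(baseline_ms[path]), median(samples)
        if now > factor * base and now - base > floor_ms:
            out.add(path)
    return out


def localize(paths, degraded, max_faults=3):
    """Return (hypotheses, unexplained).

    hypotheses: every smallest set of links that lies on all degraded paths
                after removing links seen on at least one healthy path.
    unexplained: degraded paths made only of links that healthy paths also
                 use, i.e. observations the link model cannot account for.
    """
    bad = {p for p in paths if p in degraded}
    good = set(paths) - bad
    exonerated = {link for p in good for link in paths[p]}
    candidates = sorted({link for p in bad for link in paths[p]} - exonerated)
    unexplained = sorted(p for p in bad if not set(paths[p]) - exonerated)
    explainable = [p for p in bad if p not in unexplained]
    if not explainable:
        return [], unexplained
    # Try the simplest explanation first: one faulty link, then two, ...
    for k in range(1, max_faults + 1):
        hits = [set(combo) for combo in combinations(candidates, k)
                if all(set(paths[p]) & set(combo) for p in explainable)]
        if hits:
            return hits, unexplained
    return [], unexplained


if __name__ == "__main__":
    bad = degraded_paths(BASELINE, CURRENT)
    print("degraded:", sorted(bad))
    print("with four vantage paths:", localize(PATHS, bad))
    # With only the two degraded paths observed, two links remain equally
    # plausible: more cooperating agents narrow the hypothesis set.
    two = {p: PATHS[p] for p in ("agentA->srv", "agentB->srv")}
    print("with two vantage paths:", localize(two, set(two)))
```
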


Task 2.3: Collaborative filtering of unwanted traffic

Partners: Thomson


Start date: t0+12 End Date: t0+30

The aim of this task is to provide end users with a technique to protect themselves against unwanted traffic such as worms or scans. It will develop the technique to distribute the traffic information gathered in Task 2.2. Agents can then check the offender list to allow or discard any suspicious traffic. This approach is similar to blacklists used to block spam. We propose to generalize these blacklists by establishing them and using them across multiple applications or services. Ideally, we would like any end user involved in the collaborative monitoring to participate in the creation of this list. This raises interesting research problems. In particular, it is important to provide some degree of privacy to end-users. At the same time, the blacklist construction should be done sufficiently fast to be effective. We will explore mechanisms that provide a good trade-off between privacy preservation and protection efficiency by controlling the information shared among users and the server.


Controlling the risk:

The main risk of this WP is the lack of ground truth on faults and performance degradations. Without ground truth, we cannot validate that our inferences are correct. To avoid this problem we will test and tune our algorithms using the VINI emulation platform. VINI allows us to deploy real software over a real network, and yet inject failures, losses, and delays. Another risk is the lack of data to study the potential of passive monitoring and collaborative filtering. Thomson already has access to traffic data from two research networks (the US and European research backbones) and from its own enterprise network. These datasets provide enough information to develop and test the techniques proposed here. Finally, both LIP6 and INRIA-Planete are part of the OneLab project. We will use the OneLab testbed to test our techniques, before integrating them with Grenouille.


Deliverables

D2.1 (month 30): Report on algorithms for collaborative monitoring and filtering.

Milestones and expected result

M2.1 (month 24): End of the creation of the tomography and collaborative techniques.

M2.2 (month 30): Implementation and evaluation of the algorithms.

WP 3: Inconsistent diagnosis detection

Start date: t0+6
End date: t0+30
| Participant number | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Participant name | Thomson | ENS | LIP6 | INRIA Planète | Grenouille |
| Person-months per participant | 18 | 6 | 10 | 0 | 4 |

Objectives

This project departs from previous work by explicitly assuming that ISPs do not necessarily cooperate either between themselves or with their end-users. Instead, they may try to hide or fake the actual performance of their services or of other ISPs’ services. In the past, Grenouille has identified three major techniques used by ISPs to bias users’ observations: (1) treat the user-generated probes preferentially to make the performance look good; (2) block user-generated probes to prevent users from inferring the quality of service provided by their ISP; (3) shift the responsibility of performance degradation to another ISP. Such practices complicate the task of inferring service performance. Their use must thus be identified and taken into account when designing troubleshooting techniques.


We introduce the notion of a diagnosis anomaly to describe departures between performance inferred from active probes and actual performance based on local measurements (such as effective throughput obtained by a specific application). We will consider two types of diagnosis anomalies: local anomalies and inference anomalies. A local anomaly occurs for example when VoIP or IPTV quality observed at the end host is poor and when the active probes do not report a problem. An inference anomaly occurs when various observation points report inconsistent observations or diagnostics. This WP will provide a taxonomy of such inconsistencies, taking care to distinguish actual anomalies from statistical fluctuations. It will determine which steps should be taken in the presence of specific diagnosis anomalies, in particular how the measurements and inferences done in WP2 and WP3 should be modified.

Task 3.1: Inconsistency detection

Partners: LIP6, Thomson, INRIA, ENS, Grenouille


Start date: t0+12 End Date: t0+24

This task will deal with the detection of inconsistent diagnoses. It will be implemented as a supervisor process that compares multiple sources of information and decides whether the result is inconsistent or not. Apparent inconsistencies can arise from the absence of synchronization between end users and, more generally, from statistical fluctuations. We will define tests to determine whether an actual inconsistency has occurred or not.

In case an inconsistency is detected, one of the following actions can be taken: encrypt probes, mask probe traffic in real application traffic (VoIP, web transfer, etc.), increase probe frequency or redundancy, select other probing sources, spoof IP addresses, and build other troubleshooting overlays to verify the various possible causes of inconsistency.
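One possible form of such a test for the local anomaly defined in the objectives (application quality is poor while active probes report no problem), as an added example and not the project's own method. It assumes each agent reports per-window packet counts for application traffic and for probes; the 3% "poor quality" loss threshold, the significance level, the persistence rule and the sample windows are all constructed.

```python
import math

# Constructed sample windows: (app_sent, app_lost, probe_sent, probe_lost).
WINDOWS = [
    (2000, 20, 200, 2),    # 0: both streams lose about 1%
    (2000, 150, 200, 2),   # 1: isolated burst of application loss
    (2000, 35, 200, 1),    # 2: small difference, within normal fluctuation
    (2000, 160, 200, 2),   # 3: application 8% loss, probes 1%
    (2000, 180, 200, 1),   # 4: application 9% loss, probes 0.5%
    (2000, 22, 200, 3),    # 5: back to normal
]


def one_sided_p(app_lost, app_sent, probe_lost, probe_sent):
    """P-value for H0 "application loss rate <= probe loss rate".

    Pooled two-proportion z-test with a normal approximation. It treats
    packet losses as independent, which bursty loss violates; the
    persistence rule in local_anomalies() compensates for that.
    """
    if app_sent == 0 or probe_sent == 0:
        return 1.0  # nothing observed on one side: no evidence
    p_app = app_lost / app_sent
    p_probe = probe_lost / probe_sent
    pooled = (app_lost + probe_lost) / (app_sent + probe_sent)
    se = math.sqrt(pooled * (1 - pooled) * (1 / app_sent + 1 / probe_sent))
    if se == 0:
        return 1.0  # both streams lost nothing (or everything)
    z = (p_app - p_probe) / se
    return 0.5 * math.erfc(z / math.sqrt(2))  # upper tail of N(0, 1)


def local_anomalies(windows, alpha=0.01, poor_loss=0.03, min_run=2):
    """Indexes of windows that belong to a sustained local anomaly.

    A window is flagged when application loss is poor (>= poor_loss), probe
    loss is not, and the difference is significant after a Bonferroni
    correction over all windows. Flagged windows are kept only when at
    least `min_run` of them are consecutive.
    """
    if not windows:
        return []
    threshold = alpha / len(windows)
    flagged = []
    for app_sent, app_lost, probe_sent, probe_lost in windows:
        app_rate = app_lost / app_sent if app_sent else 0.0
        probe_rate = probe_lost / probe_sent if probe_sent else 0.0
        p = one_sided_p(app_lost, app_sent, probe_lost, probe_sent)
        flagged.append(app_rate >= poor_loss and probe_rate < poor_loss
                       and p < threshold)
    result, run = [], []
    for i, hit in enumerate(flagged + [False]):  # sentinel closes a last run
        if hit:
            run.append(i)
        else:
            if len(run) >= min_run:
                result.extend(run)
            run = []
    return result


if __name__ == "__main__":
    for i, w in enumerate(WINDOWS):
        print(i, w, "p=%.5f" % one_sided_p(w[1], w[0], w[3], w[2]))
    print("sustained local anomaly in windows:", local_anomalies(WINDOWS))
```
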


Task 3.2: Evaluation

Partners: LIP6, Thomson, Grenouille


Start date: t0+18 End Date: t0+30

We will create artificial inconsistencies in order to simulate ISPs’ potential interactions with our measurement traffic. We will perform these experiments in controlled but realistic environments such as VINI and PlanetLab.


Controlling the risk:

The main risk in this task is failing to identify the techniques that are used by ISPs to bias our measurements. We do not think this can happen for the following reasons: (1) Grenouille has long experience in operational edge measurements. (2) Thomson and LIP6 have strong experience in monitoring and privileged relationships with ISPs worldwide that will help them discuss the issue freely.

The second risk comes from evaluation: we cannot expect ISP cooperation in the evaluation of these detection techniques. Therefore, we plan to run our own experiments on testbeds and platforms such as VINI and PlanetLab (and its European counterpart, OneLab). We will introduce artificial ISP probe traffic manipulations on controlled experiments to evaluate the effectiveness of our detection modules.


Deliverables

D3.1 (month 30): Implementation and validation of ISP behavior detection techniques

Milestones and expected result

M3.1 (month 24): Library of ISP behavior detection techniques

M3.2 (month 30): Evaluation of the ISP behavior detection techniques

WP 4: Integration

Start date: t0+24
End date: t0+36
| Participant number | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| Participant name | Thomson | ENS | LIP6 | INRIA Planète | Grenouille |
| Person-months per participant | 6 | 0 | 31 | 0 | 12 |

Objectives


The goal of this WP is to integrate all the software modules designed in the previous WPs, and to deploy them on both end-user machines and Grenouille servers. We will also update the Grenouille web interface to make this new information available to users. Data issued from our toolbox will be collected and analyzed in order to check their consistency. Last, we will develop a feedback loop that automatically adapts the end-user measurement and cooperative mechanism based on the ISP behavior (as defined in WP3). At the end of this work package, Grenouille will be able to offer the new troubleshooting functionalities proposed in C’MON.

Task 4.1: Integration and deployment of the C’MON troubleshooting toolbox

Partners: LIP6, Thomson, GRENOUILLE


Start date: t0+24 End Date: t0+36

The main objective of this task is to put all the software modules together. First, we need to identify the location of measurement points in the access network. Second, the agents will be implemented and deployed to collect the measurements needed for the algorithms. Third, we will need to design the server that will collect the measurement results and to implement the algorithms. To this end, the existing grenouille.com database will be extended to store the new measurements identified within C’MON and to support the proposed collaborative algorithms. The grenouille.com web interface will be extended to present the new information to users.


Task 4.2: Automating reaction to ISP behavior

Partners: LIP6, Thomson, GRENOUILLE


Start date: t0+24 End Date: t0+36

WP3 designs techniques to track ISPs’ attempts to bias observations. WP1 and WP2 design a portfolio of software modules to troubleshoot service anomalies. In this task, we design a control module that decides which monitoring and troubleshooting technique to use depending on what the ISP is doing to bias user observations. This problem could be very complex. We propose to use simple feedback techniques at this stage, for example changing the metrics collected by end users, or picking a different set of agents to troubleshoot a given problem.


Task 4.3: Validation on grenouille.com

Partners: LIP6, Thomson, GRENOUILLE


Start date: t0+24 End Date: t0+36

During the WP, we will perform a progressive deployment of the C’MON toolbox on the grenouille platform and collect statistics in order to check the accuracy and remove bugs. The purpose is to have an operational version of the C’MON toolbox deployed on grenouille by the end of the project.


Controlling the risk:


There is not much risk in this WP given the participation of Grenouille, which has an established user group. Technically, the feedback loop is challenging. However, we will do it incrementally and we do not expect major problems.


Deliverables

D4.1 (month 36): performance and usage report

Milestones and expected result

M4.1 (month 30): deployment of the toolbox on grenouille

M4.2 (month 36): Utilization report and performance evaluation

Expected results and potential impact

The C'MON project will lead to three kinds of outcomes:

  • Improvements on the theory of collaborative monitoring;
  • Design of new management techniques;
  • New open source software that will be implemented and added to the Grenouille toolbox.

Collaborative Monitoring Theory.

The idea of cooperative monitoring is not new. The problem on which C'MON concentrates belongs to this class but is quite original in that it focuses on collective end-user monitoring connected to the interaction of independently managed networks. The fact that the ISP could be malicious is also new and poses new theoretical questions: what statistical test should be deployed in order to assess neutrality? How to “debias” measurements in case of diagnosis anomaly, namely when neutrality is not respected? These come on top of the basic questions on the nature of the measurement methodology to be used: either “as stealthy as possible” active probes, or passive measurements that are associated with a given application or a given transport protocol, but for which a “debiasing” methodology is still lacking. The answers to these questions will be the primary theoretical outcome of the project. The expected advances will consist of

  • A definition of the key properties to be monitored and of the way they should be monitored using collaborative monitoring;
  • A methodology to assess the neutrality of ISPs;
  • A comprehensive statistical methodology based on collaborative measurements and leading to asymptotically efficient and low variance estimators.

Software.

One of the goals of C’MON is to create a suite of tools to allow the end user to collaborate in a large-scale network-monitoring infrastructure. The success of the C’MON project relies on the wide adoption of the tools. To facilitate the diffusion of the software we decided to make most of the results of this project available as an Open-Source extension to the software currently provided by Grenouille.com. This collaboration model does not exclude the possibility that Thomson includes the results of the project in its ADSL boxes. This software could help the users and the ISP to understand and troubleshoot the performance degradation of any of the services provided.

Knowledge dissemination.

Besides delivering Open-Source software and patents, we plan to have a standardization strategy summarized in two important steps. First, we will validate the different methods by publishing them in top networking conferences and journals. Second, we will disseminate the findings of the project and advertise the Open-Source tools in the de facto Internet standardization forums such as IETF, NANOG or RIPE. Note that RIPE already encourages research projects in the topics covered by C’MON.

Project management: structure and flow

The project is split into work packages. Each work package is split into tasks. For each work package there is at least one corresponding deliverable and a leader, who organizes the work in such a way that the tasks can be completed in time according to the task schedule detailed in section 1.7.6. The work package leader is helped by deliverable owners, who must guarantee the homogeneity and completion of their deliverable according to the milestones detailed in the deliverables and milestones table, also in section 1.7.6.


Thomson is the project coordinator. In order to maximize the chance of success and minimize risk, the coordinator follows each partner’s work and makes sure milestones are met and deliverables are delivered on time. There will be two management meetings per year where partners will update each other on their activities and where work progress will be discussed. In addition, technical meetings will be organized when needed.


WP 0 – Analysis of the design space.

All partners will contribute to this WP. The partners, led by INRIA Planète, will put together a report summarizing the current ISP practices, relevant performance metrics and measurement methods identified in this WP. Besides surveying the literature, this WP will heavily rely on Grenouille’s past experience with users of their toolbox and with ISPs, as well as on the experience of other partners in the area of network monitoring and troubleshooting.


WP 1 – End-host monitoring techniques

ENS will lead WP1 and work on inversion methods for point-to-point tomography. Thomson will contribute its expertise in monitoring and data analysis.

LIP6 will contribute to tasks 1.1 and 1.3 with its expertise in active and passive measurements. In particular, LIP6 will enhance its active measurement tool, Paris traceroute (www.paris-traceroute.net), to perform different types of active probes and evaluate the most appropriate probing techniques.

Grenouille will contribute its existing toolbox and expertise to guide the design of techniques developed in WP1.

INRIA Planète will work on the embedding of network delay measurements into a virtual Euclidean space where each machine can get a kind of virtual coordinates that will help it to localize itself and the others and estimate network delays.


WP 2 – Collaborative monitoring

LIP6 is the leader of WP 2 and will be responsible for all the deliverables. LIP6 will actively participate in tasks 2.1 and 2.2 to develop new tomography algorithms and to implement and test them.

Thomson will design, implement, and evaluate tomography-based inference algorithms and develop techniques to detect and block unwanted traffic in task 2.3.

ENS will contribute with statistical methods to multipoint-to-multipoint tomography.

Grenouille will contribute its existing toolbox and expertise to guide the design of techniques developed in WP2.

INRIA Planète will study how well the virtual topology of the Internet can help in troubleshooting and in detecting network anomalies or behaviour changes. The virtual topology of the Internet is a function of several factors, such as routing and link delay, and so should allow troubleshooting if the monitoring is done appropriately.

WP 3 – Inconsistent diagnosis detection

WP3 is led by Thomson. Thomson will design techniques to detect ISP behavior.

ENS will build parametric models and design statistical tools to study ISP behavior.

LIP6 will experiment with the measurement techniques developed in WP 1 and WP 2 to develop a method that identifies inconsistencies in measurements that reveal malicious ISP behaviour.

Grenouille will guide the design and validate the techniques.


WP 4 – Integration

WP4 is led by Grenouille. Grenouille will guide the development team at LIP6 and integrate the new software libraries into its existing toolbox. It will also modify its website and deploy the new toolbox.

Thomson will collect and analyze data.

LIP6 will hire two engineers for the last year of the project, who will work full time on integrating the techniques proposed in WP 1, WP 2, and WP 3 with the Grenouille system. These engineers will work closely with the Grenouille team. Once a first version of the system is operational, LIP6 will also work on the performance evaluation of the system.


Planning and partner involvement

Timing diagram/ critical path
[Timing diagram: person-months per partner for each work package, drawn against a time axis of months 2 to 36 covering Year 1, Year 2 and Year 3]

| Work package | Th | ENS | LIP6 | INRIA | Grenouille |
|---|---|---|---|---|---|
| WP 0 | 6 | 6 | 5 | 4 | 6 |
| WP 1 | 24 | 12 | 13 | 10 | 4 |
| WP 2 | 18 | 12 | 15 | 10 | 4 |
| WP 3 | 18 | 6 | 10 | 0 | 4 |
| WP 4 | 6 | 0 | 24 | 0 | 12 |

Deliverables/Milestones
Progress report/expenses: :-)  :-)!  :-)  :-)!  :-)  :-)!
Consortium agreement/final report: *  **

:-) : 6-month progress report
:-)! : Progress report + expenses
* : Consortium agreement
** : Final report + expenses summary



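| Partic. no. | Partic. short name | WP0 | WP1 | WP2 | WP3 | WP4 | Total person-months |
|---|---|---|---|---|---|---|---|
| 1 | Thomson | 6 | 18 | 24 | 18 | 6 | 72 |
| 2 | ENS | 6 | 12 | 12 | 6 | 0 | 36 |
| 3 | LIP6 | 5 | 13 | 15 | 10 | 31 | 74 |
| 4 | INRIA – Planète | 4 | 10 | 10 | 0 | 0 | 24 |
| 5 | Grenouille | 6 | 4 | 4 | 4 | 12 | 30 |
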
Deliverables and milestones
| Work Package | Title and substance of the deliverables and milestones | Delivery date, in months starting from T0 | Partner in charge of the deliverable/milestone |
|---|---|---|---|
| 0. Analysis of the design space | D 0.1 Survey of end-to-end and collaborative measurement techniques | 6 | INRIA – Planete |
| 0. Analysis of the design space | M 0.1 End of matrix of measurement techniques | 6 | INRIA – Planete |
| 1. End-host monitoring techniques | D 1.1 Description of direct measurement techniques and corresponding primary metrics. | 12 | ENS |
| 1. End-host monitoring techniques | M 1.1 Identification of metrics that can be locally inferred | 18 | ENS |
| 1. End-host monitoring techniques | D 1.2 Description of inference techniques for metrics of interest | 24 | ENS |
| 1. End-host monitoring techniques | M 1.2 Identification of bias- and variance-efficient inference techniques | 24 | ENS |
| 2. Collaborative monitoring | M 2.1 End of the creation of the tomography and collaborative techniques. | 24 | LIP6 |
| 2. Collaborative monitoring | D 2.1 Report on algorithms for collaborative monitoring and filtering. | 30 | LIP6 |
| 2. Collaborative monitoring | M 2.2 Implementation and evaluation of the algorithms | 30 | LIP6 |
| 3. Inconsistent diagnosis detection | M 3.1 Library of ISP behavior detection technique | 24 | Thomson |
| 3. Inconsistent diagnosis detection | D 3.1 Implementation and validation of ISP behavior detection techniques | 30 | Thomson |
| 3. Inconsistent diagnosis detection | M 3.2 Evaluation of the ISP behavior detection techniques | 30 | Thomson |
| 4. Integration | M 4.1 Deployment of the toolbox on Grenouille | 30 | Grenouille |
| 4. Integration | D 4.1 Performance and usage report | 36 | Grenouille |
| 4. Integration | M 4.2 Utilization report and performance evaluation | 36 | Grenouille |



Description of the Consortium.

Presentation of the relevance of each partner to the proposal.

The execution of this project requires deep knowledge of Internet routing, traffic, and network operational and engineering practices as well as network measurement, modeling, and evaluation techniques. Our consortium brings together a group of researchers that cover all of the required expertise. It also brings in a young and very active association in the area of Internet measurement in France. Grenouille.com is indeed a group of volunteers that are devoted to the development of measurement modules to be installed by ADSL clients in France in order to measure continuously the performance of the Internet and report on the quality of service provided by each ISP. The hosts involved in Grenouille and the experience of the persons involved in the management of these hosts will be an excellent opportunity for the consortium to collect traces and validate new ideas for network monitoring and troubleshooting. Please refer to the Appendix for a biography of the main contributors to the project.


Thomson SA

With 30,000 employees, Thomson operates in 30 countries and is active in the growing markets of North America, Europe and Asia. Thomson provides technology, systems and services to help its Media & Entertainment clients - content creators, content distributors and users of its technology - realize their business goals and optimize their performance in a rapidly changing technology environment. The Group is the preferred partner to the Media & Entertainment Industries through its Technicolor, Grass Valley, RCA and Thomson brands.


Thomson’s strategy for growth is founded upon a critical change: the new technology paradigm stemming from the transition of film and video images to digital formats. Today, movie and TV industries are converging as digital technology is utilized in cameras, post-production and storage, as well as content management, cable and wireless distribution and even digital cinema projection. By offering complete, end-to-end services, from the film studio all the way to the consumer in the movie theatre or at home, Thomson is a leader in a growing, changing marketplace.


Thomson is organized into 3 client-focused divisions: content creators with the Digital Content Solutions Division, network operators and broadcasters with the Video Networks Solutions Division, and manufacturers and retailers with the Industry and Consumer Solutions Division. Thomson is currently number one worldwide on the market of IP, satellite and cable set-top-boxes, triple play gateways, and DSL modems. It is also among the leaders in most IP-based services (including IPTV, VoD, etc.).


Thomson’s Paris Research Lab is a group of 20-25 researchers whose activity is dedicated to medium- to long-term research in the area of content (voice, video, games, etc.) delivery. This lab is the most recent of the seven R&D labs at Thomson. After only two years of existence, the Paris lab has already published in the most selective conferences in the network community. It is at the state of the art in peer-to-peer technology, traffic anomaly and troubleshooting research, working in collaboration with the best US and European teams.


Thomson has a strong interest in network troubleshooting, and in networking security. Internet services are significantly more difficult to troubleshoot than telephone services (because of the unmanaged nature of the Internet). It is a significant challenge for ISPs. This project will help Thomson deploy troubleshooting mechanisms on its triple-play gateways and set-top-boxes, where it is the most relevant to answer both customer and service provider questions.


ENS

ENS is a joint INRIA-ENS research group with 3 permanent members. Its focus is on the modeling, the simulation and the control of communication networks. ENS has a continuum of activities ranging from methodological research on the dynamical theory of networks to protocol design to industrial transfer. Four main research directions are pursued:


  • The modeling and control of packet switching networks: admission control, flow regulation, flow and congestion control, traffic characterization and analysis;
  • The modeling and control of wireless network architectures: coverage, power control, transport capacity, macro diversity, connectivity, self-organization;
  • The dynamical theory of stochastic networks, particularly via algebraic methods;
  • New stochastic geometry tools in relation with tessellation or coverage processes and point process tools.


ENS has been active in the top conferences in networking (IEEE Infocom, ACM Sigcomm, ACM Sigmetrics) since its creation in 2000. ENS has also been publishing on the mathematics of networking in such applied mathematics journals as Annals of Applied Probability, Applied Probability Journals, Maths of Operations Research etc.


ENS created two joint labs with industry, one with Alcatel-Bell (2002-2005) and one with France Telecom (2005-2006). It has been active in a variety of European and National projects including the TMR Alapedes project, the NOE Euro FGI or the George RNRT exploratory project.


LIP6/UPMC

LIP6 is the computer science laboratory at Université Pierre et Marie, associated with the CNRS. It is one of the largest computer science laboratories in France, with more than 350 researchers covering a wide spectrum of topics ranging from theoretical computer science to VLSI. Among them, the Network and Performance Analysis (NPA) group covers issues related to networking. In particular, NPA focuses on creating a vision for the Internet of the future as well as designing solutions to shape and manage it. Research at NPA is organized around five main axes: measurements, modeling and performance evaluation, content networks, self-organizing networks, and Internet governance.


LIP6 will contribute to this project with its expertise on Internet routing and network measurements. This expertise is recognized by the top conferences in our field (ACM Sigcomm, ACM Sigmetrics, ACM/USENIX Internet Measurement Conference, and IEEE Infocom). Members of LIP6 are often represented in the technical program committees of these conferences and have their work published there. The group maintains various collaborative efforts both at the European level (with the network of excellence ENEXT and projects like Onelab) and the national level (with projects like the RNRT Metropolis, the ACI S&I MetroSec, and the RNRT OSCAR).


INRIA – Planète

The Planète team, located both at INRIA Sophia Antipolis and INRIA Rhône-Alpes research units, conducts research in the domain of networking, with an emphasis on designing, implementing, and evaluating Internet protocols and applications. The main objective of the team is to propose and study new architectures, services and protocols that will enable group and secured communication through the Internet. The past and ongoing research projects within the team span several areas such as security in infrastructure-less and constrained networks, scalable group communications, impact of heterogeneity on protocol performance, Internet measurement and resource localization, and analysis of peer-to-peer protocol dynamics.


Planète research activities are carried out in the context of French, European and international collaborations, in particular with several academic (UCL, UCI, UCLA, MIT, UMass, Bern University, ENS, LIP6, Eurecom, INLN, etc.) and industrial (Alcatel, FT R&D, Hitachi, Intel, Motorola, Thales, Thomson Multimédia, STMicroelectronics, etc.) partners.


This research is funded by European and national sources. Currently the team is involved in three national projects: the RNRT project DIVINE (Video transmission over heterogeneous receivers and links), the RNRT project OSCAR (Overlay networks Security: Characterization, Analysis and Recovery) and the ACI project SPLASH (Securing Mobile ad hoc networks). At the European level, the team is a member of two projects: ONELAB for the development of an open networking laboratory supporting communication networks based on PlanetLab, and UBISec&Sens on ubiquitous sensing and security in the European homeland. During the past years, the Planète team was a member of many other projects such as ARACADE, VIP and CONSTELLATIONS at the national level, and MUSE, DESS and MECCANO at the European level.


Grenouille.com


Grenouille.com is a French website publishing reports about the “Internet Weather”. The weather is derived from the collection of local measurements across several thousand clients from most of the ISPs present in France.

This nonprofit organization has more than 300 000 members and collects download and upload bandwidth metrics and ping response times from about 100 000 different French Internet addresses on a daily basis. In 1999, high-speed Internet started to be available to home users through cable technology. Its erratic performance and behavior left the users with no means to understand what was happening. Grenouille.com started by letting users measure their instantaneous connection performance. With the success of this measurement, new software was released and the website started collecting and storing performance measurements in its database. All the software necessary to collect metrics for Grenouille.com is licensed under copyleft-type licenses like GPLv2/GPLv3/AGPLv3 in order to help collaborative work and enhancement but also to ensure the technical neutrality of the metrics collected. Grenouille.com has had no dedicated budget from the beginning, and all the infrastructure and bandwidth needed to run the project is sponsored by OVH (http://www.ovh.com), free of charge.

Description of complementarity within the consortium.

Each participant in the consortium brings a different expertise to further advance the state of the art in this area. ENS is recognized for its statistical methodologies for network probing and inference of measurement results. Thomson, with its cutting-edge research team, has a long history of applied research, with key contributions in anomaly detection and troubleshooting and expertise in data mining of large datasets. LIP6 has key contributions on tomography techniques and root cause analysis. The tools are now mature enough to be implemented and tested in real networks. Grenouille has been active for several years in monitoring simple end-user network performance. INRIA is a major actor in the overlay and topology inference area, with significant contributions especially in protocol design, performance evaluation, and experimentation platforms.


The partners' areas of expertise complement each other and are all required for the success of the project. LIP6 and Thomson will provide the consortium with their experience in applied network research and troubleshooting, INRIA with its experience in overlays and protocol design, and ENS with its expertise in the inversion of network measurements. Finally, Grenouille, with its thousands of hosts and qualified researchers and engineers, will be the ideal environment to develop and validate the network monitoring and diagnosis architecture at the end of the project.


Principal investigator: skills and CV.

Christophe Diot received a Ph.D. degree in Computer Science from INP Grenoble in 1991, and HDR in 1996. He was with INRIA Sophia-Antipolis from October 1993 to September 1998, where he pioneered work on diffserv, multicast, and peer-to-peer multi-player games on the Internet. Diot started and led the IP research group at Sprint (Burlingame, CA) from October 1998 to April 2003. At Sprint, he acquired a deep knowledge of large Internet backbone design and engineering, and pioneered measurement-based research. The IPMON system was the first large-scale passive-monitoring infrastructure deployed in an operational backbone. At Intel Research (Cambridge, UK) from May 2003 to September 2005, Diot started work on network-wide anomaly detection. He is again a pioneer in this area. He joined Thomson in October 2005 to start and manage the Paris Research Lab (http://thlab.net). At Thomson, Diot's research activities focus on advanced peer-to-peer communication services and platforms for the future Internet. Diot has around 20 patents and more than 200 international publications in top conferences and journals. Diot is an ACM fellow. Recently, Diot was promoted to CTO of Thomson Corporate Research BU.


Diot has a broad and deep management and coordination experience. He has

  • organized numerous large conferences and scientific events,
  • launched and managed three different research labs, all very successful (so far),
  • successfully started numerous European projects,
  • coordinated multiple projects (among which HIPPARCH and HAGGLE),
  • advised numerous PhD students and interns.

Selected publications


A. Dhamdhere, R. Teixeira, C. Dovrolis, C. Diot. "NetDiagnoser: troubleshooting network incidents using end-to-end probes and routing data". ACM SIGCOMM CoNext 07. NYC. December 07.

H. Ringberg, A. Soule, J. Rexford, C. Diot. “Sensitivity of PCA for Traffic Anomaly Detection” ACM SIGMETRICS, June 2007.

A. Soule, H. Larsen, F. Silveira, J. Rexford, C. Diot, “Detectability of Traffic Anomalies in two adjacent networks”, PAM Conference, April 2007.

R. Teixeira, S. Uhlig, C. Diot, “BGP Route Propagation between Neighboring Domains”, Passive and Active Measurement Conference, April 2007.

B. Y. Choi, S. Moon, R. Cruz, C. Diot, “Quantile Sampling for Practical Delay Monitoring in Internet Backbone Networks”, to appear in Computer Networks Magazine.

X. Li, F. Bian, M. Crovella, C. Diot, R. Govindan, G. Iannaccone, A. Lakhina, “Precise Anomaly Detection and Identification Using Sketch Subspaces”, ACM Internet Measurement Conference, October 06.

G. Cantieni, G. Iannaccone, P. Thiran, C. Barakat, C. Diot, “Reformulating the Monitor placement problem: optimal network-wide sampling”, CoNext 06, December 06.

D. Papagiannaki, N. Taft, Z.-L. Zhang, C. Diot, “Long Term Forecasting of Internet backbone Traffic”, IEEE Transaction on neural Networks - Special Issue on Adaptive Learning Systems in Communication Networks. Vol. 16, No. 5, September 05.

B. Y. Choi, S. Moon, R. L. Cruz, Z.-L. Zhang, C. Diot, “Practical Delay Monitoring Method for ISPs”, CoNext, October 05.

A. Lakhina, M. Crovella, C. Diot, “Mining Anomalies Using Traffic Feature Distributions”, ACM SIGCOMM, September 05.

A. Lakhina, M. Crovella, C. Diot, “Characterization of Network-Wide Anomalies in Traffic Flows”, ACM Internet Measurement Conference, October 2004.

A. Lakhina, M. Crovella, C. Diot, “Diagnosing Network-Wide Traffic Anomalies”, ACM SIGCOMM, August 2004.

Data management, data sharing, intellectual property strategy, and exploitation of project results

The project will establish a wiki for project management (hosted by Grenouille). Given the original nature of the project (Grenouille is a non-profit organization that designs and produces free and open source software, while Thomson produces commercial and proprietary software), a consortium agreement and an NDA will be signed among the partners before the project starts.

However, the main goal of the project remains to design new troubleshooting functionalities to be added to the Grenouille software bundle, and to make them publicly available under a free and open source licence. Some mechanisms could be patented by Thomson though, who might decide to limit their distribution. Thomson might also consider using pre-existing free and open source software in a commercial product. The conditions under which this is possible will be described in the consortium agreement. The consortium agreement will also address co-invention. Note that in the case of co-advised students, a contract already exists between Thomson and LIP6.


Data management

We identify two major data types:

  • Measurement data. We will use data collected at different locations, on various networks. We will use these data to evaluate the mechanisms we design. When external data are used (e.g. Abilene or Geant traffic), we will obtain the relevant authorisation and only authorised partners will access the data. Thomson also plans to use its own corporate network data to evaluate the troubleshooting and diagnosis software designed. This data will be shared with partners after anonymization.
  • Software will be designed by all partners. Grenouille, Thomson, Planet INRIA, ENS and LIP6 will contribute previously designed software to the project. The original license nature of this software will be preserved.

Thomson will use its Storage Area Network to store measurement data when needed. Thomson has around 20TB of storage capacity available. LIP6 and Grenouille can also provide storage capacity. The storage capacity extension needed for Grenouille is part of the sponsorship between Grenouille and OVH.

Data Sharing

Data will be shared freely among the project partners for the duration of the project. An NDA will be signed though in order to protect data privacy. Grenouille will put together a wiki to share information among partners. In addition to Internet traffic and QoS statistics, the partners will share performance evaluations of their proposed mechanisms, as well as implementations realised as project contributions. Each partner owns its software and data though, and utilization by another partner is only possible with the written permission of the owner, and under conditions defined by the owner.


IP strategy

According to the nature of the project and the cooperation with Grenouille.com, the code designed by all partners but Thomson will be made available under one of the classic free and open source licences.

All partners will take any opportunity to patent inventions made in the course of the project. The following sections describe how knowledge will be shared by partners. Given the presence of two industrial partners, it is important to describe the IP mechanism rigorously.


We intend to publish all results in major scientific conferences and journals.

We intend to grant partners the right to reuse, royalty-free, patents on inventions made in the course of the project.


Exploitation of results

We foresee two major threads of results exploitation:

As part of the Grenouille free and open source software bundle, the results of the project will be used by Internet end-users, for example to analyse their DSL line performance.

Thomson will study how to reuse the techniques designed in this project to provide a managed troubleshooting service to be implemented on triple-play gateways.


We also expect that in case of success, ISPs will try to cooperate with Grenouille and reuse the data collected by Grenouille’s end-users to perform more efficient troubleshooting and anomaly diagnosis.

Appendix

Appendix: Biography of main contributors

INRIA

Chadi Barakat has been a permanent research scientist in the Planète research group at INRIA - Sophia Antipolis since March 2002. He got his master and Ph.D. degrees in Networking from the University of Nice - Sophia Antipolis in 1998 and 2001. His Ph.D. was done in the Mistral group at INRIA - Sophia Antipolis. From April 2001 to March 2002, he was with the LCA department at EPFL-Lausanne for a post-doctoral position, and from March to August 2004 he was a visiting faculty member at Intel Research Cambridge. Chadi Barakat was general chair for the PAM 2004 and WiOpt 2005 workshops, PC co-chair for the Sampling 2005 workshop, guest editor for a JSAC special issue on sampling the Internet, and is area editor for the ACM CCR journal. He served on the program committees of many international conferences such as Infocom, IMC, ICNP, IWQoS, PAM, ASWN and Globecom. Chadi Barakat conducts his research in the context of national, international and industrial collaborations. He was a member of the RNRT project Constellations, is now leading the INRIA contribution to the RNRT project OSCAR and has had collaborations with several industrial partners such as Hitachi, Sprint, Alcatel, Intel and Thomson. His main research interests are congestion and error control in computer networks, the TCP protocol, voice over IP, wireless LANs, Internet measurement and traffic analysis, and performance evaluation of communication protocols.


Selected publications

Mohamed Ali Kaafar, Laurent Mathy, Chadi Barakat, Kave Salamatian, Thierry Turletti, Walid Dabbous, "Securing Internet Coordinate Embedding Systems", to appear in proceedings of ACM SIGCOMM, Kyoto, Japan, August 2007.

C. Barakat, M. Malli, N. Nonaka, “TICP: Transport Information Collection Protocol”, Annals of Telecommunications, vol. 61, no. 1-2, pp. 167-192, 2006.

N. Moller, C. Barakat, K. Avrachenkov, E. Altman, “Inter-protocol fairness between TCP New Reno and TCP Westwood+”, Conference on Next Generation Internet Networks (NGI), May 2007.

G. R. Cantieni, G. Iannaccone, C. Barakat, C. Diot, P. Thiran, “Reformulating the monitor placement problem: Optimal Network-wide Sampling”, CoNext, Lisboa, December 2006.

E. Altman, K. Avrachenkov, C. Barakat, “A Stochastic Model of TCP/IP with Stationary Random Losses”, IEEE/ACM Transactions on Networking, vol. 13, no. 2, pp. 356- 369, April 2005.

C. Barakat, G. Iannaccone, C. Diot, “Ranking flows from sampled traffic”, CoNEXT, October 2005.

A. Nucci, N. Taft, C. Barakat, P. Thiran, “Controlled Use of Excess Backbone Bandwidth for Providing New Services in IP-over-WDM Networks”, IEEE Journal on Selected Areas in Communications, vol. 22, no. 9, pp. 1692-1707, November 2004.

C. Barakat, A. Al Fawal, “Analysis of link-level hybrid FEC/ARQ-SR for wireless links and long-lived TCP traffic”, Performance Evaluation Journal, vol. 57, no. 4, pp. 423-500, August 2004.

C. Barakat, P. Thiran, G. Iannaccone, C. Diot, P. Owezarski, “Modeling Internet backbone traffic at the Flow level”, IEEE Transactions on Signal Processing - Special Issue on Signal Processing in Networking, vol. 51, no. 8, August 2003.

S. Alouf, E. Altman, C. Barakat, P. Nain, “Estimating Membership in a Multicast Session”, ACM SIGMETRICS, June 2003.

C. Barakat, “TCP modeling and validation”, IEEE Network, vol. 15, no. 3, pp. 38-47, May 2001.

C. Barakat, E. Altman, W. Dabbous, “On TCP Performance in a Heterogeneous Network : A Survey”, IEEE Communication Magazine, vol. 38, no. 1, pp. 40-46, January 2000.


ENS

Francois Baccelli got his “doctorat d'etat” from Université Paris-Sud in 1983. He was then with INRIA Rocquencourt until 1987 and with INRIA Sophia Antipolis until 1998. He was also a part-time professor at Ecole Polytechnique, from 1991 until 2003. He is currently INRIA “directeur de recherche” in the computer science department of Ecole Normale Superieure in Paris, where he started a new research group on communication networks in 1999. F. Baccelli is a specialist in the mathematical modeling and design of networks. His current research interests are focused on two topics: the analysis and control of large IP networks and the development of new tools for assessing and exploiting the capacity of wireless access networks. He was a partner in several European projects, like IMSE, ALAPEDES and EURONGI, and he was the coordinator of the QMIPS Basic Research Action. He coauthored a Springer Verlag book on queueing theory with P. Bremaud and a Wiley book on discrete event networks with G. Cohen, G.J. Olsder and J.P. Quadrat. F. Baccelli became a member of the French Academy of Sciences in 2005.


Selected publications

F. Baccelli, “Modeliser le trafic pour mieux le gerer”, in L'explosion des mathématiques, SMF-SMAI, pp. 75-79, July 2002.

S. Machiraju, D. Veitch, F. Baccelli, A. Nucci, J. Bolot, “Theory and Practice of Cross-Traffic Estimation”, ACM SIGMETRICS, June 2005.


F. Baccelli, S. Machiraju, D. Veitch, J. Bolot, “The Role of PASTA in Network Measurement”, ACM SIGCOMM, October 2006.

B. Kauffmann, F. Baccelli, A. Chaintreau, V. Mhatre, K. Papagiannaki, C. Diot, “Measurement-Based Self Organization of Interfering 802.11 Wireless Access Networks”, IEEE INFOCOM, April 2007.

F. Baccelli, S. Machiraju, D. Veitch, J. Bolot, “On Optimal Probing for Delay and Loss Measurement”, proc. ACM SIGCOMM IMC, October 2007.

LIP6/UPMC

Renata Teixeira has been a CNRS researcher at LIP6 since 2006. She received her Ph.D. in Computer Science in 2005 at the University of California, San Diego, for which she was awarded the Department of Computer Science and Engineering Ph.D. Dissertation Award 2005. During her Ph.D., Teixeira worked at the AT&T Labs in Florham Park. After her PhD, she did one year of post-doc at LIP6. Teixeira has served as a program committee member of the most selective conferences in the networking community: ACM SIGCOMM, IEEE INFOCOM, and ACM IMC. Her research interests are in measurement and analysis of routing protocols, and in management of large IP networks.


Selected publications:

A. Dhamdhere, R. Teixeira, C. Dovrolis, C. Diot. “NetDiagnoser: troubleshooting network incidents using end-to-end probes and routing data”. ACM SIGCOMM CoNext 07. NYC. December 2007.

B. Augustin, T. Friedman, and R. Teixeira, "Measuring Native Path Diversity in the Internet", in proceedings of ACM Internet Measurement Conference, October 2007.

R. Teixeira, T. Griffin, M. G. C. Resende, and J. Rexford, "TIE Breaking: Tunable Interdomain Egress Selection", IEEE/ACM Transactions on Networking, vol. 15, no. 4, August 2007.

L. Bernaille, R. Teixeira, and K. Salamatian, "Early Application Identification", in proceedings of CoNEXT, December 2006. (Best paper award)

B. Augustin, X. Cuvellier, B. Orgogozo, F. Viger, T. Friedman, M. Latapy, C. Magnien, and R. Teixeira, "Avoiding traceroute anomalies with Paris traceroute", in proceedings of ACM Internet Measurement Conference, October 2006.

R. Teixeira and J. Rexford, "Managing Routing Disruptions in Internet Service Provider Networks", IEEE Communications Magazine, March 2006.

R. Teixeira, T. Griffin, A. Shaikh, and G.M. Voelker, "Network Sensitivity to Hot-Potato Disruptions", in proceedings of ACM SIGCOMM, August 2004.

R. Teixeira, A. Shaikh, T. Griffin, and J. Rexford, "Dynamics of Hot-Potato Routing in IP Networks", in proceedings of ACM SIGMETRICS, June 2004.


Thomson

Laurent Massoulié graduated from Ecole Polytechnique in 1991, and received a PhD in Automatic Control from Université Paris Sud in 1995. From 1995 to 1998 he worked at France Télécom R&D on traffic control of ATM and IP networks. From 1999 to 2006 he was with Microsoft Research Cambridge. There he worked on congestion control, overlay management, and peer-to-peer applications over the Internet. Since 2006 he has been a senior researcher at Thomson Corporate Research, where he is involved in the design of peer-to-peer applications for multimedia content distribution. He is the recipient of several best paper awards (IEEE Infocom 1999, ACM Sigmetrics 2005, and ACM Conext 2007).


Selected publications

T. Bonald, L. Massoulié, F. Mathieu, D. Perino, A. Twigg. « Epidemic Live Streaming : Optimal Performance Trade-Offs ». ACM Sigmetrics 2008.

P. Key, L. Massoulié, D. Towsley. “Path selection and multipath congestion control”. IEEE Infocom 2007.

L. Massoulié, E. Le Merrer, A.-M. Kermarrec, A.J. Ganesh. « Peer counting and sampling in overlay networks : random walk methods ». ACM PODC 2006.

A.J. Ganesh, D. Gunawardena, P. Key, L. Massoulié, J. Scott. “Efficient quarantining of scanning worms: optimal detection and coordination”. IEEE Infocom 2006.

P. Key, L. Massoulié, B. Wang. “Emulating low-priority transport at the application layer: a background transfer service”. ACM Sigmetrics 2004.

A.J. Ganesh, A.-M. Kermarrec, L. Massoulié. “Network awareness and failure resilience in self-organising overlay networks”. IEEE SRDS 2003.


Augustin Soule joined the Thomson Paris Lab as a permanent research scientist in December 2005. He received his Ph.D. in Networking from the University Pierre et Marie Curie, Paris VI, in January 2006 and his Engineer degree from the Institut Supérieur d’Electronique de Paris in 2001. During his Ph.D. he developed the passive measurement collection and analysis center of LIP6. He contributed to the anomaly detection effort as an intern at Intel Berkeley, where he developed a network-wide anomaly detection framework under the supervision of Nina Taft. During his internship at Sprint with Antonio Nucci he learned the operational constraints of network measurement. He actively contributed to the RNRT Metropolis project during his Ph.D., with various papers published in top conferences. His areas of interest are network measurement, traffic analysis, data mining and reproducible research.


Selected publications

H. Ringberg, A. Soule, J. Rexford, and C. Diot, “Sensitivity of PCA for Traffic Anomaly Detection”, ACM SIGMETRICS, 2007.

A. Soule, H. Ringberg, F. Silveira, J. Rexford, and C. Diot, “Detectability of Traffic Anomalies in Two Adjacent Networks”, Passive and Active Measurement Conference, 2007.

A. Soule, K. Salamatian, A. Nucci, and N. Taft, “Traffic matrix tracking using Kalman filters”, ACM SIGMETRICS Workshop on Large Scale Network Inference, 2005.

A. Soule, K. Salamatian, and N. Taft, “Combining Filtering and Statistical Methods for Anomaly Detection”, ACM Internet Measurement Conference, 2005.

A. Soule, A. Lakhina, N. Taft, K. Papagiannaki, K. Salamatian, A. Nucci, M. Crovella, and C. Diot, “Traffic matrices: balancing measurements, inference and modeling”, ACM SIGMETRICS, 2005.

A. Soule, A. Nucci, R. Cruz, E. Leonardi, and N. Taft, “How to identify and estimate the largest traffic matrix elements in a dynamic environment”, ACM SIGMETRICS, 2004.

A. Soule, K. Salamatian, N. Taft, R. Emilion, and K. Papagiannaki, “Flow classification by histograms: or how to go on safari in the internet”, ACM SIGMETRICS, 2004.


Grenouille

Jérôme Benoit joined the Grenouille project back in 1999 after obtaining an MSc in mathematics from Université Saint Charles at Marseille. Since then he has worked in various places such as Wanadoo and Alcatel as a sysadmin. He is now working with Steria, a consulting company specialized in IT services.


Alan Schmitt is currently on sabbatical at the University of Bologna until September 2008. In 2004, he moved to Grenoble where he was appointed a researcher with INRIA. Before this, he was a postdoctoral student at the University of Pennsylvania for a year and a half, working with Benjamin Pierce. Schmitt’s main research interests are centered around programming languages: type systems for dynamic assemblies of components, expressivity of process calculi, type systems for XPath queries, programming languages for components, and bidirectional programming languages. He is the main developer of the camlgrenouille client.

Appendix: Bibliography.

[1] François Baccelli, Sridhar Machiraju, Darryl Veitch, Jean Bolot, “The role of PASTA in network measurement”, in proc. of ACM SIGCOMM 2006. 

[2] Chadi Barakat, Patrick Thiran, Gianluca Iannaccone, Christophe Diot, Philippe Owezarski, “Modeling Internet backbone traffic at the flow level”, IEEE Transactions on Signal Processing - Special Issue on Signal Processing in Networking, vol. 51, no. 8, pp. 2111-2124, August 2003.

[3] Chadi Barakat, Gianluca Iannaccone, Christophe Diot, "Ranking flows from sampled traffic", in proceedings of CoNext, Toulouse, October 2005.

[4] Barford, P. and Plonka, D. 2001. Characteristics of network traffic flow anomalies. In Proceedings of the 1st ACM SIGCOMM Workshop on internet Measurement (San Francisco, California, USA, November 01 - 02, 2001). IMW '01.

[5] Gion Reto Cantieni, Gianluca Iannaccone, Chadi Barakat, Christophe Diot, Patrick Thiran, “Reformulating the monitor placement problem: Optimal Network-wide Sampling”, in proceedings of CoNext, Lisboa, Portugal, December 2006.

[6] J. Bolot, “Characterizing End-to-End Packet Delay and Loss in the Internet.” Journal of High-Speed Network, vol. 2 n. 3, pp. 289-298, Dec. 1993.

[7] R. L. Carter and M. E. Crovella, “Measuring Bottleneck Link Speed in Packet-Switched Networks,” Performance Evaluation, vol. 27,28, pp. 297–318, 1996.

[8] R. Caceres, N. Duffield, J. Horowitz, D. Towsley, and T. Bu, "Multicast-based inference of network-internal characteristics: Accuracy of packet loss estimation," in IEEE INFOCOM 1999.

[9] Jaideep Chandrashekar, Zhi-Li Zhang, Haldane Peterson, “Fixing BGP, One AS at a Time”, in proceedings of ACM SIGCOMM Network Troubleshooting Workshop, August 2004.

[10] M. Coates, A. Hero, R. Nowak, and B. Yu, "Internet Tomography," IEEE Signal Processing Magazine vol. 19, no. 3, pp. 47--65, 2002.

[11] C. Dovrolis, P. Ramanathan, and D. Moore, “What do Packet Dispersion Techniques Measure?,” in Proceedings of IEEE INFOCOM, Apr. 2001, pp. 905–914.

[12] A.B. Downey, “Using Pathchar to Estimate Internet Link Characteristics,” in Proceedings of ACM SIGCOMM, Sept. 1999, pp. 222–223.

[13] N. G. Duffield, F. L. Presti, V. Paxson, and D. Towsley, "Inferring link loss using striped unicast probes," in IEEE INFOCOM 2001.

[14] N. G. Duffield, “Network tomography of binary network performance characteristics,” IEEE Transactions on Information Theory, vol. 52, no. 12, pp. 5373–5388, Dec. 2006.

[15] N. Feamster, D. Andersen, H. Balakrishnan, and M. F. Kaashoek, «Measuring the Effects of Internet Path Faults on Reactive Routing», Proc. ACM SIGMETRICS, San Diego, CA, June 2003.

[16] N. Feamster and H. Balakrishnan, ``Detecting BGP Configuration Faults with Static Analysis,'' in Proc. USENIX Symposium on Networked Systems Design and Implementation, May 2005.

[17] FELDMANN, A., MAENNEL, O., MAO, Z. M., BERGER, A., AND MAGGS, B. Locating Internet Routing Instabilities. In Proceedings of ACM SIGCOMM (2004).

[18] V. Jacobson, ``Traceroute.'' ftp://ftp.ee.lbl.gov/traceroute.tar.gz.

[19] V. Jacobson. pathchar a tool to infer characteristics of Internet paths. Presented at the Mathematical Sciences Research Institute, 1997.

[20] R. Jain. A delay-based approach for congestion avoidance in interconnected heterogeneous computer networks. ACM Computer Communication Review, 19:56--71, Oct. 1989.

[21] Rohit Kapoor , Ling-Jyh Chen , Alok Nandan , Mario Gerla , M. Y. Sanadidi, CapProbe: a simple and accurate capacity estimation technique for wired and wireless environments, ACM SIGMETRICS Performance Evaluation Review, v.32 n.1, June 2004

[22] Kandula, S., Katabi, D., and Vasseur, J. 2005. Shrink: a tool for failure diagnosis in IP networks. In Proceeding of the 2005 ACM SIGCOMM Workshop on Mining Network Data (Philadelphia, Pennsylvania, USA, August 26 - 26, 2005). MineNet '05.

[23] Katzela and Schwartz. Schemes for fault identification in communication networks. IEEE/ACM Transactions on Networking, 3(6):753–764, 1995.

[24] K. Lai and M.Baker, “Measuring Link Bandwidths Using a Deterministic Model of Packet Delay,” in Proceedings of ACM SIGCOMM, Sept. 2000, pp. 283–294.

[25] Lakhina, A., Crovella, M., and Diot, C. 2005. Mining anomalies using traffic feature distributions. In Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols For Computer Communications (Philadelphia, Pennsylvania, USA, August 22 - 26, 2005). SIGCOMM '05.

[26] A. Markopoulou, G. Iannaccone, S. Bhattacharyya, C. Chuah, and C. Diot, ``Characterization of Failures in an IP Backbone,'' in Proc. IEEE INFOCOM, 2004.

[27] H.X. Nguyen and P. Thiran, “The Boolean Solution to the Congested IP Link Location Problem: Theory and Practice”, accepted to IEEE Infocom , 2007.

[28] A. Pasztor and D. Veitch, “Active Probing using Packet Quartets,” in Proceedings Internet Measurement Workshop (IMW), 2002.

[29] V. Paxson. End-to-end routing behavior in the internet. In Proc. Of ACM SIGCOMM, 1997.

[30] V. Paxson. End-to-end Internet packet dynamics. IEEE/ACM Transactions on Networking, 7(3):277–292, 1999.

[31] Steinder, M. and Sethi, A. S. 2004. Probabilistic fault localization in communication systems using belief networks. IEEE/ACM Trans. Netw. 12, 5 (Oct. 2004), 809-822.

[32] Jacob Strauss, Dina Katabi, and Frans Kaashoek. A measurement study of available bandwidth estimation tools. In Internet Measurement Conference (IMC) 2003, Miami, Florida, October 2003.

[33] R. Teixeira and J. Rexford - ``A Measurement Framework for Pin-Pointing Routing Changes'',  in proceedings of ACM SIGCOMM Network Troubleshooting Workshop, August 2004.

[34] Zhao, Y., Chen, Y., and Bindel, D. 2006. Towards unbiased end-to-end network diagnosis. In Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols For Computer Communications (Pisa, Italy, September 11 - 15, 2006). SIGCOMM '06.

[35] Cliff C. Zou, Weibo Gong, Don Towsley, and Lixin Gao. "The Monitoring and Early Detection of Internet Worms," to appear in IEEE/ACM Transactions on Networking.

[36] L. Wang, X. Zhao, D. Pei, R. Bush, D. Massey, A. Mankin, S. F. Wu, and L. Zhang, ``Observation and Analysis of BGP Behavior Under Stress,'' in Proc. Internet Measurement Workshop, November 2002.

[37] Wang, F., Mao, Z. M., Wang, J., Gao, L., and Bush, R. 2006. A measurement study on the impact of routing events on end-to-end internet path performance. SIGCOMM Comput. Commun. Rev. 36, 4 (Aug. 2006), 375-386

[38] T. E. Ng, and H. Zhang, Predicting internet network distance with coordinates-based approaches, in Proceedings of the IEEE INFOCOM, New York, June 2002.

[39] F. Dabek, R. Cox, F. Kaashoek and R. Morris, Vivaldi: A decentralized network coordinate system, in Proceedings of the ACM SIGCOMM, Portland, Oregon, August 2004.

[40] http://www.ripe.net/ripe/meetings/ripe-53/presentations/cbm.pdf

[41] R. Mahajan, N. Spring, D. Wetherall, and T. Anderson, “User-level Internet Path Diagnosis,” in Proc. ACM SOSP, October 2003.

[42] M. Zhang, C. Zhang, V. Pai, L. Peterson, and R. Wang, “PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services,” in Proc. USENIX OSDI, December 2004.

[43] H. Nguyen and P. Thiran. “Network Loss Inference with Second Order Statistics of End-to-End Flows,” In Proc. Internet Measurement Conference, 2007.

[44] J. Sommers, P. Barford, N. Duffield, and A. Ron, “Accurate and Efficient SLA Compliance Monitoring,” In Proc. ACM SIGCOMM, 2007.
