PV210 Quantitative Analysis of Internet Traffic

Faculty of Informatics
Autumn 2008
Extent and Intensity
2/0/1. 3 credit(s) (plus extra credits for completion). Type of Completion: zk (examination).
Ing. Ladislav Lhotka, CSc. (lecturer), doc. RNDr. Eva Hladká, Ph.D. (deputy)
Guaranteed by
prof. RNDr. Václav Matyáš, M.Sc., Ph.D.
Department of Computer Systems and Communications - Faculty of Informatics
Contact Person: doc. RNDr. Eva Hladká, Ph.D.
Mon 12:00–15:50 B411
basic calculus, probability and statistics
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
there are 37 fields of study the course is directly associated with, display
Course objectives
The lecture deals with aggregated characteristics of TCP/IP data traffic in high-speed networks and with mathematical and visualisation methods for their analysis. Apart from traffic volume quantities (byte, packet and flow counts), the primary focus will be on IP traffic flows with emphasis on detection of anomalies such as network failures and massive attacks. The studied methods will be illustrated on traffic samples from the CESNET2 backbone network.
After finishing the course, the students should be able to:
understand the structure of data on backbone lines;
utilize basic methods for analysis of aggregated data about Internet traffic;
  • Fundamentals of TCP/IP communication and main quantitative characteristics of data traffic.
  • IP data flows, measurement methods, tools for their analysis and visualisation.
  • Characteristic features of major application protocols (HTTP, FTP, SSH, P2P, XMPP etc.)
  • Traffic volume quantities (byte and packet counts), time-series analysis, prediction methods
  • Distribution of key items of IP flows (addresses and ports) in traffic samples: entropy and principal component analysis
  • Quantitative characteristics of multidimensional samples: fractal and correlation dimension, multifractal measures
  • Quittek J. et al. Requirements for IP Flow Information Export (IPFIX). RFC 3917, IETF, 2004.
  • Cook D., Swayne D. F.: Interactive and Dynamic Graphics for Data Analysis. Springer, 2007.
  • Kohler E. et al. Observed structure of addresses in IP traffic. IEEE/ACM Trans. Networking 14(6):1400-1412, 2006.
  • Peitgen H.-O., Jürgens H., Saupe D.: Chaos and Fractals: New Frontiers of Science. Springer, 1992.
  • Venables W. N., Ripley B. D.: Modern Applied Statistics with S. Springer, 2002.
  • Lakhina A., Crovella M., Diot C. Mining anomalies using traffic feature distributions. In: Proc. ACM SIGCOMM'05, p. 217-228, 2005.
  • Wei W. W. S. Time Series Analysis, Second Edition. Pearson, 2006.
Assessment methods
Standard lecture with homeworks during the semester, written exam.
Language of instruction
Further Comments
Study Materials
The course is taught annually.
The course is also listed under the following terms Autumn 2009, Autumn 2010, Autumn 2011, Autumn 2012, Autumn 2013, Autumn 2014, Autumn 2015, Autumn 2016, Autumn 2017, Autumn 2018, Autumn 2019, Autumn 2021.
  • Enrolment Statistics (Autumn 2008, recent)
  • Permalink: https://is.muni.cz/course/fi/autumn2008/PV210