Sliding Modes for Anomaly Observation in TCP Networks: From Theory to Practice

Author

Rahme, S. ; Labit, Yann ; Gouaisbaut, Frederic ; Floquet, Thierry

Author_Institution

LAAS, Toulouse, France

Volume

21

Issue

3

fYear

2013

fDate

May-13

Firstpage

1031

Lastpage

1038

Abstract

Anomaly detection has been an active open problem in the networks community for several years. In this brief, we aim at detecting such abnormal signals by control theory techniques. Several classes of sliding mode observers are proposed for a fluid flow model of the transmission control protocol (TCP)/internet protocol network. Comparative simulations via network simulator NS-2 show the enhancement brought by a higher order sliding mode observer. The efficiency of this observer opens the way toward observing traffics with real TCP flow characteristics. To achieve this end, trace replay techniques for TCP traffic traces are presented. Finally, experiments lead to successful anomaly estimation under real traffic conditions.

Keywords

Internet; discrete event simulation; observers; telecommunication traffic; transport protocols; variable structure systems; TCP flow characteristics; TCP networks; TCP traffic traces; Transmission Control Protocol-Internet Protocol network; anomaly detection; anomaly estimation; anomaly observation; control theory techniques; fluid flow model; higher order sliding mode observer; network simulator NS-2; trace replay techniques; Asymptotic stability; Convergence; Mathematical model; Observers; Protocols; Shape; Stability analysis; Anomalies; NS-2; TCP Protocol; faults detection and reconstruction; quality of service; sliding mode observers; time delayed systems; traffic trace replay;

fLanguage

English

Journal_Title

Control Systems Technology, IEEE Transactions on

Publisher

ieee

ISSN

1063-6536

Type

jour

DOI

10.1109/TCST.2012.2198648

Filename

6214591