ANFORA (plan nacional de I+D)
ANFORA (Análisis FORense, longitudinAl y ciego de tráfico de Internet) focuses on forensic, longitudinal and blind analysis of Internet traffic. By forensic analysis we mean the collection of a huge amount of data for anomaly detection post-mortem. To this end, sampling algorithms are employed, together with reconfigurable computing (FPGA) equipment and massive, fast-access databases. There is a clear application in security.
By longitudinal analysis we mean that the data sample has a very long duration, so as to identify growth trends with applications in capacity planning and early detection of bandwidth bottlenecks. To this end we use prediction algorithms, which are normally based in multivariate Gaussian random variables. Change-point detection algorithms will also be subject of investigation.
By blind analysis we mean the traffic analysis and classification with no payload inspection. Actually, P2P traffic can be encrypted and tunnelled through wel-known ports (such port 80). Thus, the deep packet inspection techniques fail to classify a large traffic share. Discriminant techniques are normally used for such blind analysis, which use packet sizes or interarrival times as discriminants. For example, note that voice over IP traffic shows a different traffic generation pattern than a movie download. A dialog-based analysis is also performed, as deemed characteristic of several services (Bittorrent, for instance).
ANFORA will gather traffic from both the UAM access link and the RedIris production network. A novel measurement infrastructure will be put together for the former, which will be based on reconfigurable computing and GPS timestamping. The latter will provide the flow-level Netflow traffic, together with volumes (bytes per interval). The measurement campaign duration is six years approximately.
In conclusion, ANFORA pursues the following objectives: i) the development of a novel measurement plattform in the UAM access link, ii) the collection of the largest traffic traces from RedIris and UAM in the whole country, iii) the investigation in fundamental issues related to forensic, longitudinal and blind analysis of traffic and iv) the validation of such algorithms with real traffic traces, either online or offline. The project will make fundamental contributions in the traffic analysis field, with a possible technology transfer application.