15.8NIMar 10
Role Classification of Hosts within Enterprise Networks Based on Connection PatternsGodfrey Tan, Massimiliano Poletto, John Guttag et al.
Role classification involves grouping hosts into related roles. It exposes the logical structure of a network, simplifies network management tasks such as policy checking and network segmentation, and can be used to improve the accuracy of network monitoring and analysis algorithms such as intrusion detection. This paper defines the role classification problem and introduces two practical algorithms that group hosts based on observed connection patterns while dealing with changes in these patterns over time. The algorithms have been implemented in a commercial network monitoring and analysis product for enterprise networks. Results from grouping two enterprise networks show that the number of groups identified by our algorithms can be two orders of magnitude smaller than the number of hosts and that the way our algorithms group hosts highly reflects the logical structure of the networks.
19.7NIMar 10
The 802.11 MAC protocol leads to inefficient equilibriaGodfrey Tan, John Guttag
Wireless local area networks (WLANs) based on the family of 802.11 technologies are becoming ubiquitous. These technologies support multiple data transmission rates. Transmitting at a lower data rate (by using a more resilient modulation scheme) increases the frame transmission time but reduces the bit error rate. In non-cooperative environments such as public hot-spots or WLANs operated by different enterprises that are physically close to each other, individual nodes attempt to maximize their achieved throughput by adjusting the data rate or frame size used, irrespective of the impact of this on overall system performance. In this paper, we show both analytically using a game theoretic model and through simulation that the existing 802.11 distributed MAC protocol, DCF (for Distributed Coordination Function), as well as its enhanced version, which is being standardized as part of 802.11e, can lead non-cooperative nodes to undesirable Nash equilibriums in which the wireless channel is inefficiently used. We show that by establishing independence between the allocation of the shared channel resource and the transmission strategies used by individual nodes, an ideal MAC protocol can lead rational nodes to arrive at equilibriums in which all competing nodes achieve higher throughputs than with DCF.