1. Stochastic Modeling of Traffic
The following three novel general models will be investigated:
Traffic Modeling Based on Renewal Processes (Model 1 and Model 2). The first model that will be used for the modeling of traffic bursts in data networks is variable duration renewal processes with Interactive Switching Markov Model for transitions between different time scales. This model is quite rich and allows us to describe the multi-scale nature of traffic bursts in large data networks. This approach marries two popular and powerful probabilistic modeling techniques– the theory of renewal processes and hidden Markov modeling (HMM). We expect to demonstrate a substantial advantage of this model over the conventional approaches.
The graphical illustration of the proposed model in shown in
Figure. RPM(i) denotes the renewal process model at time
scale i, with a finite number of scales (models) N.
We allow switches (jumps) between RPMs according to a Markov chain
with the probability transition matrix 
This jump Markov process describes the transitions form one
scale to another, and its state 
at
time n indicates that the traffic follows the model RPM(i)
at this time. Markov-chain controlled renewal processes seem
to be a very powerful tool in modeling multi-scale bursts.
The second model for modeling multi-scale traffic bursts is a mixture of renewal processes with different shape/scale parameters. While ordinary renewal processes describe a sequence of correlated events with independent time intervals between events, this model allows one to describe a sequence of correlated events with correlated time intervals between events. This extension turns out to be important for the LDNW traffic modeling. The milestone is to choose suitable types of renewal processes such as Gamma, Weibull, Gamma-Weibull, heavy-tailed, etc.
Traffic Modeling Based on Fractional Diffusion Processes (Model 3). Preliminary analysis of traffic processes in LDNWs shows their long-range dependence and fractal-like behavior. The usefulness of fractal white Gaussian noise for the Ethernet and ATM traffic modeling has been illustrated. In this research, we will build extensions of the existing fractal models in the form of fractal diffusion processes driven by fractal white noise. We will study and develop stochastic calculus methods for these kind of processes, and related filtering methods, in application to LDNW traffic modeling and identification. Milestones: (i) development of the fractal diffusion-type model; (ii) training the model and testing its validity by simulation.
2. Model/System Training/Identification
Stochastic modeling is one direction of the research. The second direction is to provide model/system training/identification. This task includes development of identification algorithms and learning procedures for model training. Recent advances in hidden Markov modeling (HMM) and optimal nonlinear filtering (ONF) have yielded a new generation of fast and optimal training/identification algorithms. Based on these results, we will develop and demonstrate advantages of the ONF-based identification algorithm for training and testing the models developed in the previous task. Also, we will develop and implement the dynamic programming approach along with Expectation-Maximization algorithms for re-estimation of model parameters. Milestones are: (i) development of identification algorithms as well as related codes for Model 1, Model 2, and Model 3; (ii) training the models and testing the performance of the identification algorithms; (iii) fine tuning the models and algorithms.
3. Failures/Viruses/Intrusions Detection
Another important direction is detection of failures/viruses/intrusions in LDNWs. The structure of an information system can be described by a stochastic model, and a failure leads to an abrupt change of the structure. Likewise, the virus occurrence leads to a change in traffic pattern (model). These changes can be detected by applying change-point detection algorithms.
To be specific, the problem of detecting system failures and viruses will be formulated and solved as a quickest change detection problem, i.e. the fastest detection of a change in the model. This problem involves two performance indices: the rate of false alarms and speed of the detection after the failure or virus occurs. It is our goal to develop detection algorithms that would minimize the average detection delay for a given false alarm rate, i.e. to minimize the loss due to high-speed attacks. To this end, recent advances in the sequential change-point detection (CPD) phenomena will be used. These advances allow one to extend the conventional CPD theory, which relies on the assumption of i.i.d. pre-change and post-change observations, to general statistical models with nuisance parameters. These last results fit well into our general models for traffic in LDNWs and large-scale information systems. Milestones are: (i) developing suitable detection algorithms that would account for prior uncertainty with respect to the model after change; (ii) testing the performance of the detection by simulation; (iii) tuning engineering parameters of algorithms.
4. Validation Through Simulation and Implementation
Finally, the testing and validation of proposed models and algorithms should be done by using realistic simulation scenarios and real data. We will use the ns network simulator to evaluate and validate the proposed traffic models. We will drive our simulations using real Internet traffic in the form of publicly available packet traces. We anticipate that besides the theoretical contributions, the proposed traffic models will have a considerable impact on practice of computer networking.
The developed models and algorithms will be also tested and validated through emulation and full-down implementation. We will use existing experimental network testbeds (available in ISI) which are real networks that are dedicated to deploying, testing, and evaluating new protocols, before deployment on a real network.
