JCICT &The first Yellow Sea International Conference on Ubiquitous Computing (YES-ICUC) 2011, August 2011 Copyright ⓒ 2011 JCICT &YES-ICUC

Useless traffic in internet: A road to efficient internet

Muhammad Bilal1, Kang Moonsoo2

1 Network architecture and Analysis laboratory, Chosun UniversityGwangju, 501759 – South Korea[e-mail: engr.mbilal@yahoo.com]

1 Network architecture and Analysis laboratory, Chosun UniversityGwangju, 501759 – South Korea[e-mail: mskang@chosun.ac.kr]

*Corresponding author: Sangman Moh

Abstract

The Unwanted traffic (UWT) in internet is now becoming a huge concern due to wastage of resources. The classification and identification of UWT in core and access part of internet is very important for protection and further advancement of standardization. Ethernet and Wifi are two broadly used access technologies. Both are studied in this work to find out amount of UWT due to wrong or weak implementation of protocols. By analyzing the traffic traces we calculated the amount of UWT and it impact on energy consumption in Ethernet and WiFi. This work can be extended to find out improvement points in existing technologies which leads to give a guide line for future standardization.

Keywords: Traffic analysis, unwanted traffic, energy consumption, traffic catagorization,

This research was supported by a research grant from the IT R&D program of MKE/IITA, the Korean government [2005-Y-001-04, Development of Next Generation Security Technology]. We express our thanks to Dr. Richard Berke who checked our manuscript.

1. Introduction

During last 10 years the usage of internet increased by 500%, this abrupt increase in the usage of internet and development of internet applications were so quick that speed mismatched the standardization of networks and improvement of infrastructure. To cope with this challenge one approach is to increase the available bandwidth by improving the infrastructure, which is a very costly option; other approach is to reduce the mismanagement and misuse of internet resources. We can divide internet into two sub networks, core network and access networks. The core network is consists of optical fibers and efficient routers. Resources are not so much scarce in core network but energy consumption is becoming a big problem. In access network environment along with scarcity of resources energy consumption is also a big challenge. By reducing the misuse of internet and reducing the traffic by optimizing protocols, the problem of scarcity and power consumptions can be handled to some extent.

Rest of paper consists of orgnized as; In section II we discuss some related work, in section III we redefine unwanted traffic, its categories and effect on energy consumption, section IV is about our work and finally section V is conclusion section.

2. Related Work

Unwanted traffic (UWT) in internet is getting great attention by the research community, particularly IETF has taken very serious steps. IETF has issued RFC 4948 in this regard. To cope with UWT, many solutions has been proposed most of them had tried to solve the problem at upper layers of protocol stacks, which stops further flow of detected UWT [1][3][5]. But UWT will have to process up to at least layer 4, this causes extra consumption of power and computational resources. L-4 & 5 solutions in routing devices also violate two basic rules 1) Routers are layer 3 devices 2) Simplicity of network should be preserved.

In [3] authors had discussed the existence of UWT and its impact in 3G cellular networks. They scanned the traffic at TCP port 135 and 445 in 3G networks and revealed that 50% of uplink traffic was non productive TCP SYN. This shows that huge amount of network resources has been used

for non productive traffic activities. The L-4 or L-5 based solutions mostly try to block the IP or chunk of IP addresses in routers which are frequently sending malicious traffic. This approach not only blocks the UWT but also genuine traffic generated by that user. A scheme which separates the UWT traffic from legal traffic is presented in [1]. After identification of UWT only UWT is blocked and rest of the legal traffic is allowed to pass on. Actually some users are unaware of the fact that their terminal is generating UWT because of some malicious software, so it is not fair to block a user who is not generating the traffic intentionally. In [2] authors had investigated a mechanism to figure out IP address of a user which is intentionally intruding the network, mechanism is based on the surveillance of daily activities of user by observing firewall log traces. However this mechanism required global information sharing.

Most of the researcher and IEFT considered the malicious traffic as a UWT; generated by DDOS, SPAMS, WARMS and PHISHING. however it is observed that in different network standards especially in wireless networks there exists non-productive link layer traffic. In [4] authors have tested the IEEE 802.11 wireless standard for UWT as a link layer non productive traffic. They found that under high network utilization and high packet loss conditions most of the handoff decisions are incorrect. i-e the non-productive traffic in wireless LAN increases.

3. Unwanted Traffic (UWT)

3.1 Definition and Categorization

UWT can be define in different point of views. From the user point of view “All of the malicious, non-productive and productive (protocols overhead, control and management information etc) are UWT”. i-e any traffic other then application data is UWT. From network point of view “UWT is malicious traffic and non productive management and control traffic generated due to wrong implementation of protocols”. UWT traffic is categorized in Fig. 2, we will focus on protocol overhead but at MAC level some of the malicious traffic which is based

on broadcast can also be identified.

Fig. 1. Uunwanted traffic categories.

3.2 UWT Impact on Energy Consumption

The energy consumption in internet is now becoming a huge concern. A study in 2007 showed that 9.3% of electricity in USA and 5.3% of global electricity is consumed by the internet. Most of the research is carried out to estimate the total energy consumption in internet and different network standards [7][8][9]. According to our knowledge no one has calculated the impact of UWT on the energy consumption in internet.

The non-productive link layer traffic is generated in the Access part of the internet and similarly a large amount of malicious traffic (intentionally or unintentionally) is also generated in access part of network. If we stop unintentionally generated malicious traffic locally and reduce the nonproductive traffic, it will increase the available capacity of whole internet backbone and also have the impact on the overall energy consumption.

4. MAC level Traffic Analysis

At link layer level we can identify the productive and non productive traffic. In [4] the effect of link layer non productive traffic is observed in highly dense network with high utilization conditions. Moreover traffic traces are collocated at routers via sniffers. But in this work we want to observe the traffic from user terminal to identify non productive traffic from user point of view. We will focus on the two broadly used access networks, Ethernet and WiFi. In both cases traffic is divided into two broader categories; 1) Traffic to and from MAC address of capturing computer 2) Traffic received at network adaptor but the MAC is not MAC address of capturing computer.

The traffic with MAC of capturing PC is considered as legitimate and productive traffic. Traffic with MAC address other than MAC

address of capturing computer is further divided into five categories;1) Broadcast 2) Broadcast to and from running computer 3) Multicast 4) Multicast to and from running computer 5) Unicast.

The traffic other then broadcast or multicast is straight forward non-productive or malicious traffic. For more accurate result traffic is captured in two modes, idle when there is no work or any user level network activity and in busy mode when user is using some network services e.g using internet, printing the documents on print server etc. It is found that the amount of extra traffic is independent of user activities and it depends upon the activities of other users in network.

4.1 Results

Fig. 2 and Fig. 3 show the rate per second of total UWT and its categories (in the view of user) captured in Ethernet and WiFi respectively. Fig. 2 shows that main component of UWT is broadcast and total UWT pattern is closely related to broadcast and other Unicast traffic. However multicast pattern has no relation with total UWT, which means that broadcast and other Unicast is dependent upon the users activity while multicast is depends upon the network operations i-e network management and control operations.

Fig. 2. Rate per second of total UWT and its categories (Ethernet)

Fig. 3 shows that in WiFi main component of UWT is multicast and total UWT pattern is closely related to multicast traffic. However broadcast pattern has no relation with total UWT, which means that multicast is dependent upon the users activity while broadcast is depends upon the network operations i-e network management and control operations. Fig. 4 and Fig. 5 shows the average rate per second of total UWT in Ethernet and WiFi respectively, which shows that average rate of UWT is independent of users own activity rather it depends more on the activities of other users in network.

Fig. 3. Rate per second of total UWT and its categories (WiFi)

Fig. 4. Average Rate per second of total UWT and its categories (Ethernet)

Fig. 5. Average Rate per second of total UWT and its categories (WiFi)

4.2 Energy Consumption Estimation

To calculate the total energy consumed in UWT we first have to find out the unite energy consumption by Ethernet and WiFi. Form different datasheets of 4th generation Ethernet 802.3az we found that Ethernet adaptor consumes on average 5nj/bit of energy. Ethernet switch consumes 10nj/bit[6]. For WiFi we calculated the aggregated energy consumption per bit by using following formula.Paggt = (Prcv x Prrcv + Ptrn x Prtrn) / (Rx xPrrcv + Tx x Prtrn) = 5.42nj/bitWhere;Paggt = Aggregate Power Per Bit.Prcv = Receiving power.Prrcv = Probability to receive UWT.Rx = Download speed.Tx = Upload Speed.

Using these unit energy consumption values and rate of UWT, Table 1 shows the power

consumption of UWT in Ethernet and Wifi in Watt-Year by 20 million users, which shows that a huge amount of electricity has been wasted only in Ethernet and WiFI in the form of Protocol overheads and some other non productive traffic. It is important for future networks standardization, to include a new ratings for upper and lower bound of “Energy wastage” in network

Table 1. Power Consumption by 20million users per year

All except from my

PC

Broadcast except

from my PC

Multicast except

from my PC

Other traffic except

form my PC

WiFi469847416 42426520 4.28E+08 0

Ethernet3.962E+09 1.89E+09 1.19E+09 8.94E+08

Ethernet Switch

0.496E+09 0.247E+09 0.149E+09 0.1095 E+09

5. Future Work

New fine grain investigation of traffic traces an figure out the specific protocols and network operations generating UWT e.g, in Ethernet broadcast is the major component of UWT and further investigations showed that 45~50% of broadcast was ARP and around 40% was netbios based traffic, which means that in Ethernet to reduce UWT it is important to tune up ARP implementation. Similarly this kind of traffic analysis of network standards also gives an average value of broadcast traffic in network, if in certain abnormal conditions broadcast traffic deviates from average value, it will indicate the existence of broadcast malicious traffic. Similarly, if user terminal generate higher broadcast as compare to average acceptable value indicates the intruder or infected terminal.

4. Conclusions

The amount of unwanted traffic due to protocols implementations always exists independent of user activity but it depends upon network condition and other users activities. This UWT traffic has a significant effect on energy consumption. In Ethernet broadcast and in WiFi multicast traffic is the major factor. Solving the problem of UWT at MAC level is more beneficial then solving at

upper layers because it stops further processing of UWT. Through fine grain analysis also we can identify the frequency of the productive traffic (Control and management) and its impact on network operation. This will leads to give a guide line for future network architectures for reducing UWT. By setting threshold UWT traffic value we can identify the existence of malicious traffic to filter it at link layer level.

References

[1] F. Soldo, K. El Defrawy, A. Markopoulou, B. Krishnamurthy, J. v. d. Merwe, “Filtering Sources of Unwanted Traffic,” IEEE Information Theory and Applications Workshop, pp. 199 - 208, 2008.

[2] V. Yegneswaran, P. Barford and J. Ullrich, “Internet Intrusions: Global Characteristics and Prevalence,” ACM SIGMETRICS’03, 2003.

[3] F. Ricciato, P. Svoboda, E. Hasenleithner and W. Fleischer, “On the Impact of Unwanted Traffic onto a 3G Network,” technical report, FTW-TR-2006-006, 2006.

[4] R. Raghavendra, E. M. Belding, K. Papagiannaki, K. C. Almeroth, “Unwanted Link Layer Traffic in Large IEEE 802.11 Wireless Networks,” IEEE Transactions on Mobile Computing, pp. 1212 - 1225, 2010.

[5] Ismo Lehmus, “Methods for Identifying Unwanted Network Traffic,” TKK T-110.5290 Seminar on Network Security, 2007.

[6] Rodney S. Tucker, “Green Optical Communications—Part II: Energy Limitations in Networks,” IEEE journal of selected topics in quantum electronics, vol. 17, no. 2, 2011.

[7] D. Halperin , B. Greenstein , A. Sheth , and D. Wetherall, “Demystifying 802.11n Power Consumption,” Intel Labs Seattle Publications, 2010.

[8] J. Baliga, R. Ayre, K. Hinton, Wayne V. Sorin, and Rodney S. Tucker, “Energy Consumption in Optical IP Networks,” Journal of lightwave technology, VOL. 27, NO. 13, 2009.

[9] J. Baliga, K. Hinton and R. S. Tucker, “Energy Consumption of the Internet,”Joint International Conference on Optical Internet, 2007.