Introduction | METAWIN measurement system | People | Papers | Software | Research

Introduction to the DARWIN project

The project DARWIN was started on September 2006 at the Forschungszentrum Telekommunikation Wien (ftw.). It is an application-oriented research project, involving a total budget of approximately 1 Mio€ and a staff of 6 FTEs (Full Time Equivalents) over 2 years. The other project partners are mobilkom austria (the leading mobile operator in Austria, EU), Kapsch CarrierCom (KCC) and the Technical University of Vienna (INTHF dept). The industrial partners contribute 55% of the total budget, while 45% is covered by public funding through the Kplus program.

DARWIN is based on the achievements of a previous project, called METAWIN (Project Homepage), which ran from January 2004 to August 2005. The goal of METAWIN was to develop a large-scale monitoring system for the core network of a 3G environment, to deploy it in the operational network of mobilkom austria, and to analyse sample traces in order to gain insight into the traffic network behaviour. The exploration of the traces revealed a number of issues related to performance monitoring, anomaly detection and security aspects in the 3G network. DARWIN is meant to continue the research started in METAWIN on these issues.

The METAWIN monitoring system

The monitoring system was entirely developed during the METAWIN project as a tool for research in 3G traffic analysis. The system can monitor traffic on all the interfaces of the packet-switched core network, for both GPRS and UMTS. Each frame (user packets and signaling messages) is recorded locally along with additional external information (timestamps, originating cell, MS, etc.). Due to privacy requirements the frames are completely anonymized on-the-fly before being stored in memory. All subscriber-related fields at any layer of the 3GPP protocol stack (e.g. IMSI, MSISDN, IMEI) are hashed with a secure non-invertible function, while the user payload at the application layer can be stripped-off, blanked or hashed. An on-line stateful module tracks the current PTIMSI and cell for each Mobile Station (MS), so that each packet can be associated to the originating cell and MS - the latter being identified by local unique tokens since the anonymization process obscures their identity. In order to meet the requirement of on-line anonymization we had to develop a complete protocol parser for the whole protocol stack of the 3G core network (Gn, IuPS, Gb, ...).

The entire system was developed from the scratch within the project, running on the popular open-source operating system Linux. Additional pieces of code have been developed to extract statistics and data out of the raw packet traces. In parallel to the research project, the METAWIN protype is now being consolidated into a commercial carrier-grade product that will be commercialized by Kapsch CarrierCom. More info on the commercial version is available here.

People

The following people are currently involved in the DARWIN project:

• Fabio Ricciato (ftw.) - Project Manager and contact person (ricciato {AT} ftw [dot] at)
• Eduard Hasenleithner (ftw.)
• Rene Pilz (ftw.)
• Peter Romirer (ftw.)
• Tobias Witek (ftw.)
• Mike Sedlak (Kapsch)
• Werner Jäger (Kapsch)
• Philipp Svoboda (Technical University)
• Alessandro D'Alconzo
• Esa Hyytia (ftw.)

Past members

• Peter Krüger (Kapsch)
• Francesco Vacirca (was visiting PhD student during METAWIN)
• Vincenzo Falletta (visiting PhD)

Papers

The following papers and reports were published based on the METAWIN / DARWIN traces (copyright notice):

• A. Coluccia, F. Ricciato, P. Romirer-Maierhofer, On Robust Estimation of Network-wide Packet Loss in 3G Cellular Networks, 5th IEEE BROADBAND WIRELESS ACCESS WORKSHOP (BWA'09), co-located with IEEE GLOBECOM 2009 (to appear).
• A. D'Alconzo, A. Coluccia, F. Ricciato, P. Romirer-Maierhofer, A Distribution-Based Approach to Anomaly Detection for 3G Mobile Networks, IEEE GLOBECOM 2009 (to appear).
• F. Ricciato, A. Coluccia, A. D'Alconzo, D. Veitch, P. Borgnat, P. Abry, On the role of flows and sessions in Internet trafÞc modeling: an explorative toy-model, IEEE GLOBECOM 2009 (to appear).
• P. Abry, P. Borgnat, F. Ricciato, A. Scherrer, D. Veitch, Revisiting an old friend: On the observability of the relation between Long Range Dependence and Heavy Tail, Telecommunication Systems (Springer), Special issue on "Traffic Modeling, Its Computations and Applications", to appear in 2009 (link to camera ready)
• P. Romirer, F. Ricciato, A. D'Alconzo, R. Franzan, W. Karner, Network-wide measurements of TCP RTT in 3G, 1st Int'l Workshop on Traffic Monitoring and Analysis (TMA 2009) 11 May 2009, Aachen, Germany. Published in LNCS vol. 5537 (link)
• P. Svoboda, E. Hyytia, F. Ricciato, M. Rupp, M. Karner, Detection and Tracking of Skype in a live 3G Network exploiting Cross Layer Information, 1st Int'l Workshop on Traffic Monitoring and Analysis (TMA 2009) 11 May 2009, Aachen, Germany. Published in LNCS vol. 5537 (link)
• P. Romirer, F. Ricciato, Towards Anomaly Detection in One-Way Delay Measurements for 3G Mobile Networks: A Preliminary Study, 8th IEEE International Workshop on IP Operations and Management (IPOM 2008) 24–25 September 2008, Samos Island, Greece.
• P. Romirer, F. Ricciato, A. Coluccia, Explorative Analysis of One-way Delays in a Mobile 3G Network, 16th IEEE Workshop on Local and Metropolitan Area Networks (LANMAN 2008) 3–6 September 2008, Cluj-Napoca, Romania. A preliminary version is available as Internal Technical Report (pdf).
• F. Ricciato, E. Hasenleithner, P. Romirer-Maierhofer, Traffic analysis at short time-scales: an empirical case study from a 3G cellular network, IEEE Transactions on Network and Service Management (to appear 2008).
• V. Falletta, F. Ricciato, Detecting Scanners: Empirical Assessment on a 3G Network, International Journal of Network Security, vol. 9, n. 2, pp. 143-155 September 2009. (pdf)
• P. Svoboda, F. Ricciato, M. Rupp, Bottleneck Footprints in TCP over Mobile Internet Accesses, IEEE Communicatons Letters, vol. 11, n. 11, November 2007. (pdf)
• E. Hasenleithner, F. Ricciato, Observations at short time-scales from the edge of a cellular data network, Technical Report FTW-TR-2007-001, January 2007 (pdf). A short version was presented as poster at PAM 2007.
• F. Ricciato, Traffic Monitoring and Analysis for the Optimization of a 3G network, IEEE Wireless Communications - Special Issue on 3G/4G/WLAN/WMAN Planning, vol. 13, n. 6, December 2006 (pdf).
• F. Ricciato, F. Vacirca, P. Svoboda, Diagnosis of Capacity Bottlenecks via Passive Monitoring in 3G Networks: an Empirical Analysis, Computer Networks, vol. 51, n.4, pp. 1205-1231, March 2007. A camera-ready version was published as Technical Report FTW-TR-2006-008, May 2006 (pdf).
• C. Dumard, F. Ricciato, T. Zemen, PCA Analysis of Mobility Data from an Operational GPRS Network, accepted to 1st Int'l Conference on Communication and Networking in China (CHINACOM), Beijing, China, October 25-27 2006.
• F. Ricciato et al. Traffic monitoring and analysis in 3G networks: lessons learned from the METAWIN project, Elektrotechnik & Informationstechnik (2006) 123/7/8, July 2006.
• F. Ricciato, Some Remarks on Recent Papers on Traffic Analysis, editorial for ACM Computer Communication Review, vol. 36, n. 3, July 2006. (pdf)
• F. Ricciato, Unwanted Traffic in 3G Networks, editorial for ACM Computer Communication Review, vol. 36, n. 2, April 2006. (pdf)
• F. Ricciato, F. Vacirca, W. Fleischer, J. Motz, M. Rupp, Passive Tomography of a 3G Network: Challenges and Opportunities, at IEEE INFOCOM 2006 (poster proposal, slides).
• F. Ricciato, P. Svoboda, E. Hasenleithner, W. Fleischer, On the Impact of Unwanted Traffic onto a 3G Network, Technical Report FTW-TR-2006-006, February 2006. (pdf). 2nd Int'l workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPeru06), Lyon, France, June 29, 2006.
• F. Vacirca, T. Ziegler, E. Hasenleithner, An Algorithm to Detect TCP Spurious Timeouts and its Application to Operational UMTS/GPRS Networks, Computer Networks, vol. 50, n. 16, pp. 2981-3001, November 2006. This work was in collaboration with N0 project. (camera ready pdf)
• P. Svoboda, F. Ricciato, E. Hasenleithner, R. Pilz, Composition of GPRS/UMTS traffic : snapshots from a live network, 4th Int'l Workshop on Internet Performance, Simulation, Monitoring and Measurement, Salzburg (IPS-MOME'06), Austria, 27-28 February 2006. (camera ready pdf)
• F. Ricciato, W. Fleischer, Bottleneck Detection via Aggregate Rate Analysis : A Real Case in a 3G Network, short paper at IEEE/IFIP NOMS'06. (extended version pdf).
• Ricciato, F. Vacirca, M. Karner, Bottleneck Detection In UMTS Via TCP Passive Monitoring: A Real Case, Proc. of ACM CoNEXT'05, October 24-27, 2005, Toulouse, France. (pdf)
• F. Vacirca, F. Ricciato, Rene Pilz, Large-Scale RTT Measurements from an Operational UMTS/GPRS Network, Proc. of the First International Conference on Wireless Internet (IEEE WICON 05), July 10-15, 2005, Budapest, Hungary. (pdf)
• Vacirca, T. Ziegler, E. Hasenleithner, Estimating Frequency and Effects of TCP Spurious Retransmission Timeouts by Traffic Monitoring in Operational GPRS Networks, Proc. of 19th Int'l Teletraffic Congress (ITC'05), August 29 - September 2, 2005, Beijng, China. (camera ready pdf)
• F. Ricciato, R. Pilz, E. Hasenleithner, Measurement-based Optimization of a 3G Core Network: a Case Study, 6th Int'l Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networking (NEW2AN'06), St. Petersburg, Russia, May 29 2006. (camera ready). An earlier version was published as Technical Report FTW-TR-2005-009 (pdf).
• Hao Yang, Fabio Ricciato, Songwu Lu, Lixia Zhang, Securing a Wireless World, Proceeding of the IEEE - Special Issue on Cryptography and Security Issues, vol. 94, n. 2, February 2006 (pdf).

Software

Some of the above papers did include measurements of TCP performance indicators (e.g. Spurious Retransmission Time-Outs) that were accomplished by a version of the tcptrace tool modified by Francesco Vacirca. You can find the code here.

Other resources on Traffic Measurements in 3G Mobile Networks

We are maintaining a resource index for published material (papers, reports, links to other projects, etc.). Find it here and feel free to contribute (e.g. pointing to additional new works).

Research Ideas, Thoughts and Other Material

This a list of observations, ideas and other material related to traffic monitoring in 3G. They are meant to be shared with the research community and trigger new research directions. Some of them are already being carried on within the DARWIN project. Others are just pointers to "future work". We are open to possible collaborations with other research centers interested in the field.

• Bottleneck detection and network tomography in 3G
• Security aspects in 3G
• ...