Introduction to the DARWIN project
The DARWIN+ project is carried out at Forschungszentrum Telekommunikation Wien (ftw.) in collaboration with two industry partners, mobilkom austria (the leading mobile operator in Austria, EU) and Kapsch CarrierCom (KCC), and with the Technical University of Vienna (INTHF dept) as academic partner. The project team comprises about 6 people, both engineers and researchers. The industrial partners contribute 55% of the total budget, while 45% is covered by public funding through the COMET program.
DARWIN+ builds on the achievements of a series of previous projects, starting with METAWIN, launched in 2004. The goal of METAWIN was to develop a large-scale monitoring system for the core network of a 3G environment, to deploy it in the operational network of mobilkom austria, and to analyse sample traces in order to gain insight into network traffic behaviour. The exploration of the traces revealed a number of issues related to performance monitoring, anomaly detection and security aspects in the 3G network. The subsequent projects continued the research started in METAWIN on these issues.
The METAWIN monitoring system
The monitoring system was entirely developed during the METAWIN project as a tool for research in 3G traffic analysis. The METAWIN system can monitor traffic on all the interfaces of the packet-switched core network, for both GPRS and UMTS. Each frame (user packets and signaling messages) is recorded locally along with additional external information (timestamps, originating cell, MS, etc.). Due to privacy requirements the frames are completely anonymized on-the-fly before being stored in memory. All subscriber-related fields at any layer of the 3GPP protocol stack (e.g. IMSI, MSISDN, IMEI) are hashed with a secure non-invertible function, while the user payload at the application layer can be stripped off, blanked or hashed. An on-line stateful module tracks the current P-TMSI and cell for each Mobile Station (MS), so that each packet can be associated with the originating cell and MS, the latter being identified by locally unique tokens since the anonymization process obscures their identity. In order to meet the requirement of on-line anonymization we developed a complete protocol parser for the whole protocol stack of the 3G core network (Gn, IuPS, Gb, ...). Recently the system was extended to monitor the Iub interface in the UTRAN.
The entire system was developed from scratch within the project and runs on the popular open-source operating system Linux. Additional pieces of code have been developed to extract statistics and data out of the raw packet traces. A large-scale deployment of the METAWIN system is now running in the network of mobilkom austria and is used both for production purposes and as a research platform. In parallel to the research project, the METAWIN prototype has been consolidated into a commercial carrier-grade product that is commercialized by Kapsch CarrierCom.
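An added illustration of the anonymization scheme described above, not METAWIN code: subscriber identifiers are replaced by keyed-hash tokens, and a stateful table maps the current P-TMSI to the MS token and its cell. HMAC-SHA-256, the secret key, the record layout and all names are assumptions, since the page does not name the function used.

```python
import hashlib
import hmac

SUBSCRIBER_FIELDS = ("imsi", "msisdn", "imei")  # identifiers the page lists as hashed

class Anonymizer:
    """On-the-fly pseudonymization with P-TMSI tracking (assumed design)."""

    def __init__(self, key: bytes):
        self._key = key          # secret key: an assumption, the page names no function
        self._ms_by_ptmsi = {}   # current P-TMSI -> local MS token
        self._cell_by_ms = {}    # MS token -> last known cell

    def _token(self, field: str, value: bytes) -> str:
        # Keyed hash: a bare hash of a 15-digit IMSI could be reversed by enumeration.
        mac = hmac.new(self._key, field.encode() + b":" + value, hashlib.sha256)
        return mac.hexdigest()[:16]

    def signaling(self, msg: dict) -> dict:
        """Signaling message carrying the IMSI, the newly assigned P-TMSI and the cell."""
        ms = self._token("imsi", msg["imsi"].encode())
        self._ms_by_ptmsi.pop(msg.get("old_ptmsi"), None)  # reallocation retires old id
        self._ms_by_ptmsi[msg["ptmsi"]] = ms
        self._cell_by_ms[ms] = msg["cell"]
        rec = {"ts": msg["ts"], "ms": ms, "cell": msg["cell"]}
        rec.update({f: self._token(f, msg[f].encode()) for f in SUBSCRIBER_FIELDS if f in msg})
        return rec

    def user_packet(self, pkt: dict, payload: str = "strip") -> dict:
        """User packet known only by P-TMSI; payload is stripped, blanked or hashed."""
        ms = self._ms_by_ptmsi.get(pkt["ptmsi"])  # None if no signaling was seen
        rec = {"ts": pkt["ts"], "ms": ms, "cell": self._cell_by_ms.get(ms)}
        if payload == "blank":
            rec["payload"] = bytes(len(pkt["payload"]))
        elif payload == "hash":
            rec["payload"] = self._token("payload", pkt["payload"])
        return rec

def demo():
    # Constructed sample records, not real traffic.
    a = Anonymizer(key=b"constructed-demo-key")
    attach = a.signaling({"ts": 1, "imsi": "232010000000001", "imei": "350000000000017",
                          "ptmsi": 0xC0000001, "cell": "cell-17"})
    pkt1 = a.user_packet({"ts": 2, "ptmsi": 0xC0000001, "payload": b"GET / HTTP/1.1"})
    realloc = a.signaling({"ts": 3, "imsi": "232010000000001", "old_ptmsi": 0xC0000001,
                           "ptmsi": 0xC0000002, "cell": "cell-42"})
    pkt2 = a.user_packet({"ts": 4, "ptmsi": 0xC0000002, "payload": b"abc"}, "blank")
    stale = a.user_packet({"ts": 5, "ptmsi": 0xC0000001, "payload": b"x"})
    return attach, pkt1, realloc, pkt2, stale
```

The token stays stable across P-TMSI reallocation because it is derived from the IMSI, so per-MS analysis remains possible without storing the identity itself.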
People
Project team:
- Fabio Ricciato (ftw.) - Project Manager and contact person (ricciato {AT} ftw [dot] at)
- Alessandro D'Alconzo
- Peter Romirer
- Eduard Hasenleithner
- Rene Pilz
- Tobias Witek
- Arian Baer
- Alexander Platzer
- Giammarco Zacheo
- Philipp Svoboda (Technical University of Vienna)
Reference contact persons from partners
- Werner Wiedermann (mobilkom austria)
- Johannes Motz (Kapsch CarrierCom)
- Prof. Markus Rupp (TU Wien)
- Martin Karner (mobilkom austria)
- Wolfgang Karner (mobilkom austria)
- Diana Sepetanc (Kapsch CarrierCom)
Past visiting PhD students
- Angelo Coluccia (Univ. of Salento)
- Francesco Vacirca (U. La Sapienza)
- Vincenzo Falletta (U. La Sapienza)
Past members
- Esa Hyytia
- Mike Sedlak (Kapsch CarrierCom)
- Werner Jäger (Kapsch CarrierCom)
- Peter Krüger (Kapsch CarrierCom)
Papers
The following papers and reports were published based on the research in METAWIN / DARWIN (copyright notice):
- A review of DoS attack models for 3G cellular networks from a system-design perspective, Computer Communications (DOI 10.1016/j.comcom.2009.11.015)
- On Robust Estimation of Network-wide Packet Loss in 3G Cellular Networks, 5th IEEE BROADBAND WIRELESS ACCESS WORKSHOP (BWA'09), co-located with IEEE GLOBECOM 2009.
- A Distribution-Based Approach to Anomaly Detection for 3G Mobile Networks, IEEE GLOBECOM 2009.
- On the role of flows and sessions in Internet traffic modeling: an explorative toy-model, IEEE GLOBECOM 2009. (see slides)
- Revisiting an old friend: On the observability of the relation between Long Range Dependence and Heavy Tail, Telecommunication Systems (Springer), Special issue on "Traffic Modeling, Its Computations and Applications", to appear in 2009 (link to camera ready)
- Network-wide measurements of TCP RTT in 3G, 1st Int'l Workshop on Traffic Monitoring and Analysis (TMA 2009) 11 May 2009, Aachen, Germany. Published in LNCS vol. 5537 (link)
- Detection and Tracking of Skype in a live 3G Network exploiting Cross Layer Information, 1st Int'l Workshop on Traffic Monitoring and Analysis (TMA 2009) 11 May 2009, Aachen, Germany. Published in LNCS vol. 5537 (link)
- Towards Anomaly Detection in One-Way Delay Measurements for 3G Mobile Networks: A Preliminary Study, 8th IEEE International Workshop on IP Operations and Management (IPOM 2008) 24–25 September 2008, Samos Island, Greece.
- Explorative Analysis of One-way Delays in a Mobile 3G Network, 16th IEEE Workshop on Local and Metropolitan Area Networks (LANMAN 2008) 3–6 September 2008, Cluj-Napoca, Romania. A preliminary version is available as Internal Technical Report (pdf).
- Traffic analysis at short time-scales: an empirical case study from a 3G cellular network, IEEE Transactions on Network and Service Management (to appear 2008).
- Detecting Scanners: Empirical Assessment on a 3G Network, International Journal of Network Security, vol. 9, n. 2, pp. 143-155 September 2009. (pdf)
- Bottleneck Footprints in TCP over Mobile Internet Accesses, IEEE Communications Letters, vol. 11, n. 11, November 2007. (pdf)
- Observations at short time-scales from the edge of a cellular data network, Technical Report FTW-TR-2007-001, January 2007 (pdf). A short version was presented as poster at PAM 2007.
- Traffic Monitoring and Analysis for the Optimization of a 3G network, IEEE Wireless Communications - Special Issue on 3G/4G/WLAN/WMAN Planning, vol. 13, n. 6, December 2006 (pdf).
- Diagnosis of Capacity Bottlenecks via Passive Monitoring in 3G Networks: an Empirical Analysis, Computer Networks, vol. 51, n.4, pp. 1205-1231, March 2007. A camera-ready version was published as Technical Report FTW-TR-2006-008, May 2006 (pdf).
- PCA Analysis of Mobility Data from an Operational GPRS Network, accepted to 1st Int'l Conference on Communication and Networking in China (CHINACOM), Beijing, China, October 25-27 2006.
- Traffic monitoring and analysis in 3G networks: lessons learned from the METAWIN project, Elektrotechnik & Informationstechnik (2006) 123/7/8, July 2006.
- Some Remarks on Recent Papers on Traffic Analysis, editorial for ACM Computer Communication Review, vol. 36, n. 3, July 2006. (pdf)
- Unwanted Traffic in 3G Networks, editorial for ACM Computer Communication Review, vol. 36, n. 2, April 2006. (pdf)
- Passive Tomography of a 3G Network: Challenges and Opportunities, at IEEE INFOCOM 2006 (poster proposal, slides).
- On the Impact of Unwanted Traffic onto a 3G Network, Technical Report FTW-TR-2006-006, February 2006. (pdf). 2nd Int'l workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPeru06), Lyon, France, June 29, 2006.
- An Algorithm to Detect TCP Spurious Timeouts and its Application to Operational UMTS/GPRS Networks, Computer Networks, vol. 50, n. 16, pp. 2981-3001, November 2006. This work was in collaboration with N0 project. (camera ready pdf)
- Composition of GPRS/UMTS traffic: snapshots from a live network, 4th Int'l Workshop on Internet Performance, Simulation, Monitoring and Measurement, Salzburg (IPS-MOME'06), Austria, 27-28 February 2006. (camera ready pdf)
- Bottleneck Detection via Aggregate Rate Analysis: A Real Case in a 3G Network, short paper at IEEE/IFIP NOMS'06. (extended version pdf).
- Bottleneck Detection In UMTS Via TCP Passive Monitoring: A Real Case, Proc. of ACM CoNEXT'05, October 24-27, 2005, Toulouse, France. (pdf)
- Large-Scale RTT Measurements from an Operational UMTS/GPRS Network, Proc. of the First International Conference on Wireless Internet (IEEE WICON 05), July 10-15, 2005, Budapest, Hungary. (pdf)
- Estimating Frequency and Effects of TCP Spurious Retransmission Timeouts by Traffic Monitoring in Operational GPRS Networks, Proc. of 19th Int'l Teletraffic Congress (ITC'05), August 29 - September 2, 2005, Beijing, China. (camera ready pdf)
- Measurement-based Optimization of a 3G Core Network: a Case Study, 6th Int'l Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networking (NEW2AN'06), St. Petersburg, Russia, May 29 2006. (camera ready). An earlier version was published as Technical Report FTW-TR-2005-009 (pdf).
- Securing a Wireless World, Proceedings of the IEEE - Special Issue on Cryptography and Security Issues, vol. 94, n. 2, February 2006 (pdf).
Software
Some of the above papers included measurements of TCP performance indicators (e.g. Spurious Retransmission Time-Outs) that were obtained with a version of the tcptrace tool modified by Francesco Vacirca. You can find the code here.