Re: MRTG in Fourier Space

[Dave Plonka <plonka () doit wisc edu>]

Hi Crist,

On Tue, Apr 21, 2009 at 05:12:04PM -0700, Crist Clark wrote:
> Has anyone found any value in examining network utilization
> numbers with Fourier analyses? After staring at pretty
> MRTG graphs for a bit too long today, I'm wondering if
> there are some interesting periodic characteristics in the
> data that could be easily teased out beyond, "Well, the
> diurnal fluctuations are obvious, but looks like we may
> have some hourly traffic spikes in there too. And maybe
> some of those are bigger every fourth hour."
>
> A quick Google search turned up nothing at all.

Such techniques are used in the are of network anomaly detection.
For instance, a search for "network anomaly detection" at
scholar.google.com will yield very many results.

Our 2002 paper, "A Signal Analysis of Network Traffic Anomalies"
[ACM SIGCOMM Internet Measurement Workshop 2002, Barford, et al.],
is one such work.  We mention that we use wavelet analysis rather
than Fourier analysis because wavelet/framelet analysis is able
to localize events both in the frequency and time domains, whereas
Fourier analysis would localize the events only in frequency, so an
iterative approach (with varying intervals of time) would be necessary.
In general, this is the reason why Fourier analysis has not been a
common technique used in network anomaly detection.

That work used data stored in RRD files at five minute intervals.
Our subsequent work used data stored at one second intervals, again
in RRD files.

Dave

-- 
plonka () cs wisc edu  http://net.doit.wisc.edu/~plonka/  Madison, WI