Real-time Packet Loss Detection for TCP and UDP Based on Feature-Sketch

Abstract

Nowadays, networks are often impaired by cyber attacks, which leads to network quality of service degradation. Packet loss is one of the essential and concerning symptoms during these attacks. And thus the real-time detection of packet loss is conducive to network anomaly monitoring. Existing passive packet loss detection methods mainly study the packet loss for TCP using header information and few focus on that of UDP due to its limited header information. Besides, such Deep Packet Inspection (DPI) based packet loss detection is resource consuming and impractical for high-speed network. To address these problems, we propose a novel framework called LossDetection based on packet sampling and Feature-Sketch to detect packet loss in real-time for both TCP and UDP. The Feature-Sketch analyzes ongoing packet flow to extract bidirectional packet-type-based and payload-length-based features using 13 counters for TCP and 8 counters for UDP with constant memory consumption. The feature set was trained on Random Forest (RF) model and eXtreme Gradient Boosting (XGB) model to construct the relationship between these features and the packet loss pattern. The result shows that our methodology can detect packet loss in real-time with an accuracy of 95%-97% even at a sampling rate of 1/256.