Training Classifiers to Identify TCP Signatures in Scientific Workflows

Identifying network anomalies is an important measure to ensure reliability and quality of data transfers among facilities. Scientific workflows in particular heavily rely on good network performance to ensure their smooth executions. In this paper, we present a lightweight classifier system that is able to recognize anomalous TCP transfers. Using random forest trees and labeled data sets, we evaluate the classifier with real workflow transfers for ground truth data. Our studies reveal that various TCP congestion algorithms behave differently in anomalous conditions. We show that training classifiers on these separately can aid detection in network performance deterioration. Results reveal that our classifiers are able to better predict anomalous flows for TCP Reno and Hamilton compared to Cubic and BBR, due to the manner how their congestion control algorithms handle the anomalies.