Analyzing Internet traffic has become an important and challenging task. NetFlow/IPFIX flow records are widely used to provide a summary of the Internet traffic carried on a link or forwarded by a router. Several tools exist to filter or to search for specific flows in a collection of flow records; however, the filtering or query languages that these tools use have limited capabilities when it comes to describing more complex network activity. This paper proposes a framework and a new stream-based flow record query language, which allows certain types of traffic patterns to be defined and matched in a collection of flow records. The usage of the proposed new language is exemplified by constructing a query identifying the Blaster.A worm.