Application of sampling methodologies to network traffic characterization
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Summary cache: a scalable wide-area web cache sharing protocol
IEEE/ACM Transactions on Networking (TON)
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Trajectory sampling for direct traffic observation
IEEE/ACM Transactions on Networking (TON)
New directions in traffic measurement and accounting
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient implementation of a statistics counter architecture
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
More Netflow Tools for Performance and Security
LISA '04 Proceedings of the 18th USENIX conference on System administration
Entropy Based Worm and Anomaly Detection in Fast IP Networks
WETICE '05 Proceedings of the 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
Scan Detection on Very Large Networks Using Logistic Regression Modeling
ISCC '06 Proceedings of the 11th IEEE Symposium on Computers and Communications
Fast packet classification using bloom filters
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Bitmap algorithms for counting active flows on high-speed links
IEEE/ACM Transactions on Networking (TON)
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
An improved construction for counting bloom filters
ESA'06 Proceedings of the 14th conference on Annual European Symposium - Volume 14
Double sampling for flow measurement on high speed links
Computer Networks: The International Journal of Computer and Telecommunications Networking
IEEE Journal on Selected Areas in Communications
Hardware-based "on-the-fly" per-flow scan detector pre-filter
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
On-demand time-decaying bloom filters for telemarketer detection
ACM SIGCOMM Computer Communication Review
Modeling conservative updates in multi-hash approximate count sketches
Proceedings of the 24th International Teletraffic Congress
| Hi-index | 0.00 |
We present an efficient network measurement primitive that measures the rate of variations, or unique values for a given characteristic of a traffic flow. The primitive is widely applicable to a variety of data reduction and pre-analysis tasks at the measurement interface, and we show it to be particularly useful for building data-reducing preanalysis stages for scan detection within a multistage network analysis architecture. The presented approach is based upon data structures derived from Bloom filters, and as such yields high performance with probabilistic accuracy and controllable worst-case time and memory complexity. This predictability makes it suitable for hardware implementation in dedicated network measurement devices. One key innovation of the present work is that it is self-tuning, adapting to the characteristics of the measured traffic.