Efficient and portable combined random number generators
Communications of the ACM
Application of sampling methodologies to network traffic characterization
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Efficient policies for carrying Web traffic over flow-switched networks
IEEE/ACM Transactions on Networking (TON)
Trajectory sampling for direct traffic observation
IEEE/ACM Transactions on Networking (TON)
New directions in traffic measurement and accounting
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Internetworking with TCP/IP: Principles, Protocols, and Architecture
Internetworking with TCP/IP: Principles, Protocols, and Architecture
Measurement and analysis of IP network usage and behavior
IEEE Communications Magazine
A parameterizable methodology for Internet traffic flow profiling
IEEE Journal on Selected Areas in Communications
Estimating flow distributions from sampled flow statistics
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Bitmap algorithms for counting active flows on high speed links
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Data streaming algorithms for efficient and accurate estimation of flow size distribution
Proceedings of the joint international conference on Measurement and modeling of computer systems
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Identifying elephant flows through periodically sampled packets
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A distributed approach to measure IP traffic matrices
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Reversible sketches for efficient and accurate change detection over network data streams
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A data streaming algorithm for estimating subpopulation flow size distribution
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Data streaming algorithms for accurate and efficient measurement of traffic and flow matrices
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Ranking flows from sampled traffic
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Estimating flow distributions from sampled flow statistics
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
Study of Dynamic Timeout Strategy based on flow rate metrics in high-speed networks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Bitmap algorithms for counting active flows on high-speed links
IEEE/ACM Transactions on Networking (TON)
On sampling self-similar internet traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
A factor analytic approach to inferring congestion sharing based on flow level measurements
IEEE/ACM Transactions on Networking (TON)
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
The power of slicing in internet flow measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
An information-theoretic approach to network monitoring and measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Reversible sketches: enabling monitoring and analysis over high-speed data streams
IEEE/ACM Transactions on Networking (TON)
Reformulating the monitor placement problem: optimal network-wide sampling
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Optimal sampling in state space models with applications to network monitoring
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A stratified traffic sampling methodology for seeing the big picture
Computer Networks: The International Journal of Computer and Telecommunications Networking
Estimating Flow Length Distributions Using Least Square Method and Maximum Likelihood Estimation
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part IV: ICCS 2007
EF-Greedy: A Novel Garbage Collection Policy for Flash Memory Based Embedded Systems
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part IV: ICCS 2007
A Space-Efficient Fair Packet Sampling Algorithm
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Counting Flows over Sliding Windows in High Speed Networks
NETWORKING '09 Proceedings of the 8th International IFIP-TC 6 Networking Conference
Design principles and algorithms for effective high-speed IP flow monitoring
Computer Communications
TCP portscan detection based on single packet flows and entropy
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
On the statistical characterization of flows in Internet traffic with application to sampling
Computer Communications
Review: Passive internet measurement: Overview and guidelines based on experiences
Computer Communications
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Fast classification and estimation of internet traffic flows
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Deterministic versus probabilistic packet sampling in the internet
ITC20'07 Proceedings of the 20th international teletraffic conference on Managing traffic performance in converged networks
A novel algorithm for estimating flow length distributions-LSM
NPC'07 Proceedings of the 2007 IFIP international conference on Network and parallel computing
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
An online framework for catching top spreaders and scanners
Computer Networks: The International Journal of Computer and Telecommunications Networking
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems
ACM SIGCOMM Computer Communication Review
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Analysis of the impact of sampling on NetFlow traffic classification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Flow monitoring experiences at the ethernet-layer
EUNICE'11 Proceedings of the 17th international conference on Energy-aware communications
Estimating original flow length from sampled flow statistics
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part IV
An algorithm for estimation of flow length distributions using heavy-tailed feature
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part IV
Collection and exploration of large data monitoring sets using bitmap databases
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Using passive measuring to calibrate active measuring latency
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Passive calibration of active measuring latency
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Efficient packet sampling for accurate traffic measurements
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detection accuracy of network anomalies using sampled flow statistics
International Journal of Network Management
Space-efficient estimation of statistics over sub-sampled streams
PODS '12 Proceedings of the 31st symposium on Principles of Database Systems
Towards efficient flow sampling technique for anomaly detection
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Real-Time and resilient intrusion detection: a flow-based approach
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Exploiting packet-sampling measurements for traffic characterization and classification
International Journal of Network Management
Inverting flow durations from sampled traffic
Proceedings of the 24th International Teletraffic Congress
Review: A survey of network flow applications
Journal of Network and Computer Applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Measurement artifacts in netflow data
PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Hi-index | 0.00 |
Many routers can generate and export statistics on flows of packets that traverse them. Increasingly, high end routers form flow statistics from only a sampled packet stream in order to manage resource consumption involved.This paper addresses three questions. Firstly: what are the downstream consequences for the measurement infrastructure? Long traffic flows will be split up if the time between sampled packets exceeds the flow timeout. Using packet header traces we show that flows generated by increasingly prevalent peer-to-peer applicalions are vulnerable to this effect.Secondly: can the volume of packet-sampled flow statistics be easily determined? We develop a simple model that predicts both the export rate of flow packet-sampled flow statistics and the number of active flows. It uses unsampled flow statistics---those commonly currently collected--as its data, i.e., it does not rely on having packet header traces available.Thirdly: what properties of the original traffic stream can be inferred from the packet sampled flow statistics? We show that as well as estimating total bytes and packets, one can also infer more detail, specifically the number and average length of flows in the unsampled traffic stream, even though some flows will have no packets sampled. We believe that this information is useful, both for understanding source traffic, e.g. the dependence of flow lengths on application type, and also monitoring changes in the composition of the traffic, e.g., a flood of short flows during a DoS attack. In all cases, we evaluate our approach using packet header traces gathered in backbone and campus networks.