Application of sampling methodologies to network traffic characterization
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Monitoring very high speed links
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
WebTrafMon: Web-based Internet/Intranet network traffic monitoring and analysis system
Computer Communications
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
Principle Components and Importance Ranking of Distributed Anomalies
Machine Learning
Probabilistic anomaly detection in distributed computer networks
Science of Computer Programming
Passive measurement of one-way and two-way flow lifetimes
ACM SIGCOMM Computer Communication Review
A Distributed Architecture for IP Traffic Analysis
AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
Fault detection in IP-based process control networks using data mining
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Volunteer-based distributed traffic data collection system
ICACT'10 Proceedings of the 12th international conference on Advanced communication technology
Web services based configuration management for IP network devices
MMNS'05 Proceedings of the 8th international conference on Management of Multimedia Networks and Services
P2P protocol analysis and blocking algorithm
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part II
Review: A survey of network flow applications
Journal of Network and Computer Applications
Adaptive monitoring: a framework to adapt passive monitoring using probing
Proceedings of the 8th International Conference on Network and Service Management
| Hi-index | 0.01 |
This paper presents the design of a next generation network traffic monitoring and analysis system, called NG-MON (Next Generation MONitoring), for high-speed networks such as 10 Gbps and above. Packet capturing and analysis on such high-speed networks is very difficult using traditional approaches. Using distributed, pipelining and parallel processing techniques, we have designed a flexible and scalable monitoring and analysis system, which can run on off-the-shelf, cost-effective computers. The monitoring and analysis task in NG-MON is divided into five phases; packet capture, flow generation, flow store, traffic analysis, and presentation. Each phase can be executed on separate computer systems and cooperates with adjacent phases using pipeline processing. Each phase can be composed of a cluster of computers wherever the system load of the phase is higher than the performance of a single computer system. We have defined efficient communication methods and message formats between phases. Numerical analysis results of our design for 10 Gbps networks are also provided.