Internetworking with TCP/IP: principles, protocols, and architecture
Internetworking with TCP/IP: principles, protocols, and architecture
Application of sampling methodologies to network traffic characterization
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Empirically derived analytic models of wide-area TCP connections
IEEE/ACM Transactions on Networking (TON)
Efficient policies for carrying Web traffic over flow-switched networks
IEEE/ACM Transactions on Networking (TON)
Charging from sampled network usage
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Adaptive random sampling for load change detection
SIGMETRICS '02 Proceedings of the 2002 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
New directions in traffic measurement and accounting
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Properties and prediction of flow statistics from sampled packet streams
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A parameterizable methodology for Internet traffic flow profiling
IEEE Journal on Selected Areas in Communications
Structural analysis of network traffic flows
Proceedings of the joint international conference on Measurement and modeling of computer systems
Flow sampling under hard resource constraints
Proceedings of the joint international conference on Measurement and modeling of computer systems
Data streaming algorithms for efficient and accurate estimation of flow size distribution
Proceedings of the joint international conference on Measurement and modeling of computer systems
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Self-configuring network traffic generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A pragmatic approach to dealing with high-variability in network measurements
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Identifying elephant flows through periodically sampled packets
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A data streaming algorithm for estimating subpopulation flow size distribution
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A robust system for accurate real-time summaries of internet traffic
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Data streaming algorithms for accurate and efficient measurement of traffic and flow matrices
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Fast and accurate traffic matrix measurement using adaptive cardinality counting
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
Optimal positioning of active and passive monitoring devices
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Ranking flows from sampled traffic
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Estimating flow distributions from sampled flow statistics
IEEE/ACM Transactions on Networking (TON)
The DLT priority sampling is essentially optimal
Proceedings of the thirty-eighth annual ACM symposium on Theory of computing
IEEE/ACM Transactions on Networking (TON)
Data streaming algorithms for estimating entropy of network traffic
SIGMETRICS '06/Performance '06 Proceedings of the joint international conference on Measurement and modeling of computer systems
Sampling time-dependent parameters in high-speed network monitoring
Proceedings of the ACM international workshop on Performance monitoring, measurement, and evaluation of heterogeneous wireless and wired networks
Impact of packet sampling on anomaly detection metrics
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
On sampling self-similar internet traffic
Computer Networks: The International Journal of Computer and Telecommunications Networking
Joint data streaming and sampling techniques for detection of super sources and destinations
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Finding a needle in a haystack: pinpointing significant BGP routing changes in an IP network
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Sketching unaggregated data streams for subpopulation-size queries
Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Algorithms and estimators for accurate summarization of internet traffic
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Inter-autonomous system provisioning for end-to-end bandwidth guarantees
Computer Communications
A generic language for application-specific flow sampling
ACM SIGCOMM Computer Communication Review
Reformulating the monitor placement problem: optimal network-wide sampling
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Processing top k queries from samples
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Estimating cardinality distributions in network traffic: extended abstract
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Double sampling for flow measurement on high speed links
Computer Networks: The International Journal of Computer and Telecommunications Networking
A comparative study of different heavy tail index estimators of the flow size from sampled data
Proceedings of the first international conference on Networks for grid applications
Processing top-k queries from samples
Computer Networks: The International Journal of Computer and Telecommunications Networking
EF-Greedy: A Novel Garbage Collection Policy for Flash Memory Based Embedded Systems
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part IV: ICCS 2007
Fast monitoring of traffic subpopulations
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A programmable architecture for scalable and real-time network traffic measurements
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Proactive surge protection: a defense mechanism for bandwidth-based attacks
SS'08 Proceedings of the 17th conference on Security symposium
Maximum likelihood estimation of the flow size distribution tail index from sampled packet data
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Entropy based adaptive flow aggregation
IEEE/ACM Transactions on Networking (TON)
Residual-based estimation of peer and link lifetimes in P2P networks
IEEE/ACM Transactions on Networking (TON)
An analysis of packet sampling in the frequency domain
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
The nature of data center traffic: measurements & analysis
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Coordinated weighted sampling for estimating aggregates over multiple weight assignments
Proceedings of the VLDB Endowment
Proactive surge protection: a defense mechanism for bandwidth-based attacks
IEEE/ACM Transactions on Networking (TON)
Fast classification and estimation of internet traffic flows
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
A new data streaming method for locating hosts with large connection degree
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Probabilistic graphical models for semi-supervised traffic classification
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
On mitigating sampling-induced accuracy loss in traffic anomaly detection systems
ACM SIGCOMM Computer Communication Review
Revisiting the case for a minimalist approach for network flow monitoring
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
On the characteristics and reasons of long-lived internet flows
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Network prefix-level traffic profiling: Characterizing, modeling, and evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dynamic feature analysis and measurement for large-scale network traffic monitoring
IEEE Transactions on Information Forensics and Security
Monitoring abnormal network traffic based on blind source separation approach
Journal of Network and Computer Applications
Towards a universal sketch for origin-destination network measurements
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
Time-Out bloom filter: a new sampling method for recording more flows
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Traffic matrix reloaded: impact of routing changes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Continuous sampling from distributed streams
Journal of the ACM (JACM)
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Efficient packet sampling for accurate traffic measurements
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detection accuracy of network anomalies using sampled flow statistics
International Journal of Network Management
Space-efficient estimation of statistics over sub-sampled streams
PODS '12 Proceedings of the 31st symposium on Principles of Database Systems
Differentially private summaries for sparse data
Proceedings of the 15th International Conference on Database Theory
Synopses for Massive Data: Samples, Histograms, Wavelets, Sketches
Foundations and Trends in Databases
Per-flow traffic measurement through randomized counter sharing
IEEE/ACM Transactions on Networking (TON)
Computer Networks: The International Journal of Computer and Telecommunications Networking
Software defined traffic measurement with OpenSketch
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Modeling residual-geometric flow sampling
IEEE/ACM Transactions on Networking (TON)
Line speed accurate superspreader identification using dynamic error compensation
Computer Communications
| Hi-index | 0.00 |
Passive traffic measurement increasingly employs sampling at the packet level. Many high-end routers form flow statistics from a sampled substream of packets. Sampling is necessary in order to control the consumption of resources by the measurement operations. However, knowledge of the statistics of flows in the unsampled stream remains useful, for understanding both characteristics of source traffic, and consumption of resources in the network.This paper provide methods that use flow statistics formed from sampled packet stream to infer the absolute frequencies of lengths of flows in the unsampled stream. A key part of our work is inferring the numbers and lengths of flows of original traffic that evaded sampling altogether. We achieve this through statistical inference, and by exploiting protocol level detail reported in flow records. The method has applications to detection and characterization of network attacks: we show how to estimate, from sampled flow statistics, the number of compromised hosts that are sending attack traffic past the measurement point. We also investigate the impact on our results of different implementations of packet sampling.