Computing
Receiver-driven layered multicast
Conference proceedings on Applications, technologies, architectures, and protocols for computer communications
Random sampling for histogram construction: how much is enough?
SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Deriving traffic demands for operational IP networks: methodology and experience
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Adaptive random sampling for load change detection
SIGMETRICS '02 Proceedings of the 2002 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A signal analysis of network traffic anomalies
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Properties and prediction of flow statistics from sampled packet streams
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Estimating flow distributions from sampled flow statistics
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Gigascope: a stream database for network applications
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Bitmap algorithms for counting active flows on high speed links
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
FlowScan: A Network Traffic Flow Reporting and Visualization Tool
LISA '00 Proceedings of the 14th USENIX conference on System administration
Packet trace manipulation rramework for test labs
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A data streaming algorithm for estimating subpopulation flow size distribution
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A robust system for accurate real-time summaries of internet traffic
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Fast hash table lookup using extended bloom filter: an aid to network processing
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Estimating flow distributions from sampled flow statistics
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
Resource-aware multi-format network security data storage
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Sampling time-dependent parameters in high-speed network monitoring
Proceedings of the ACM international workshop on Performance monitoring, measurement, and evaluation of heterogeneous wireless and wired networks
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Identifying and discriminating between web and peer-to-peer traffic in the network core
Proceedings of the 16th international conference on World Wide Web
Optimal combination of sampled network measurements
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
The power of slicing in internet flow measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Sketching unaggregated data streams for subpopulation-size queries
Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
ProgME: towards programmable network measurement
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Offline/realtime traffic classification using semi-supervised learning
Performance Evaluation
Algorithms and estimators for accurate summarization of internet traffic
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Load shedding in network monitoring applications
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Reformulating the monitor placement problem: optimal network-wide sampling
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
Confident estimation for multistage measurement sampling and aggregation
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
CSAMP: a system for network-wide flow monitoring
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
A stratified traffic sampling methodology for seeing the big picture
Computer Networks: The International Journal of Computer and Telecommunications Networking
EF-Greedy: A Novel Garbage Collection Policy for Flash Memory Based Embedded Systems
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part IV: ICCS 2007
Implementation Issues of Early Application Identification
AINTEC '07 Proceedings of the 3rd Asian conference on Internet Engineering: Sustainable Internet
Towards optimal sampling for flow size estimation
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Fast monitoring of traffic subpopulations
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A programmable architecture for scalable and real-time network traffic measurements
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A Space-Efficient Fair Packet Sampling Algorithm
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
Robust network monitoring in the presence of non-cooperative traffic queries
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient application identification and the temporal and spatial stability of classification schema
Computer Networks: The International Journal of Computer and Telecommunications Networking
Uncovering Artifacts of Flow Measurement Tools
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
A hardware platform for efficient worm outbreak detection
ACM Transactions on Design Automation of Electronic Systems (TODAES)
Entropy based adaptive flow aggregation
IEEE/ACM Transactions on Networking (TON)
Traffic monitor deployment in IP networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
The nature of data center traffic: measurements & analysis
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Design principles and algorithms for effective high-speed IP flow monitoring
Computer Communications
TCP portscan detection based on single packet flows and entropy
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
On the statistical characterization of flows in Internet traffic with application to sampling
Computer Communications
Deterministic versus probabilistic packet sampling in the internet
ITC20'07 Proceedings of the 20th international teletraffic conference on Managing traffic performance in converged networks
On-line predictive load shedding for network monitoring
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Forecasting-based sampling decision for accurate and scalable anomaly detection
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
On accurate and scalable anomaly detection in next generation mobile network
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Coordinated sampling sans origin-destination identifiers: algorithms and analysis
COMSNETS'10 Proceedings of the 2nd international conference on COMmunication systems and NETworks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Measurouting: a framework for routing assisted traffic monitoring
INFOCOM'10 Proceedings of the 29th conference on Information communications
Two samples are enough: opportunistic flow-level latency estimation using netflow
INFOCOM'10 Proceedings of the 29th conference on Information communications
Proceedings of the ACM SIGCOMM 2010 conference
CLAMP: Efficient class-based sampling for flexible flow monitoring
Computer Networks: The International Journal of Computer and Telecommunications Networking
Lightweight, high-resolution monitoring for troubleshooting production systems
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Revisiting the case for a minimalist approach for network flow monitoring
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
On the characteristics and reasons of long-lived internet flows
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
High-speed, in-band performance measurement instrumentation for next generation IP networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Understanding and evaluating the impact of sampling on anomaly detection techniques
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
The power of one move: hashing schemes for hardware
IEEE/ACM Transactions on Networking (TON)
ProgME: towards programmable network measurement
IEEE/ACM Transactions on Networking (TON)
Fine-grained latency and loss measurements in the presence of reordering
Proceedings of the ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Fine-grained latency and loss measurements in the presence of reordering
ACM SIGMETRICS Performance Evaluation Review - Performance evaluation review
Machine learning approach for IP-flow record anomaly detection
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Automating network monitoring on experimental testbeds
CSET'11 Proceedings of the 4th conference on Cyber security experimentation and test
Predictive resource management of multiple monitoring applications
IEEE/ACM Transactions on Networking (TON)
Leveraging Zipf's law for traffic offloading
ACM SIGCOMM Computer Communication Review
Easily-Implemented adaptive packet sampling for high speed networks flow measurement
ICCS'06 Proceedings of the 6th international conference on Computational Science - Volume Part IV
Detecting SYN flooding attacks near innocent side
MSN'05 Proceedings of the First international conference on Mobile Ad-hoc and Sensor Networks
Entropy based flow aggregation
NETWORKING'06 Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems
Collection and exploration of large data monitoring sets using bitmap databases
TMA'10 Proceedings of the Second international conference on Traffic Monitoring and Analysis
Time-Out bloom filter: a new sampling method for recording more flows
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Time-Driven vs packet-driven: a deep study on traffic sampling
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Some observations of internet stream lifetimes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Efficient packet sampling for accurate traffic measurements
Computer Networks: The International Journal of Computer and Telecommunications Networking
A malware detector placement game for intrusion detection
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
MeasuRouting: a framework for routing assisted traffic monitoring
IEEE/ACM Transactions on Networking (TON)
Opportunistic flow-level latency estimation using consistent netflow
IEEE/ACM Transactions on Networking (TON)
Towards efficient flow sampling technique for anomaly detection
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Estimation of data traffic flows from aggregate measurements
Mathematical and Computer Modelling: An International Journal
On the vulnerability of hardware hash tables to sophisticated attacks
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part I
Network anomaly detection: comparison and real-time issues
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
Detecting anomalies in netflow record time series by using a kernel function
AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
DRAM-based statistics counter array architecture with performance guarantee
IEEE/ACM Transactions on Networking (TON)
APNOMS'07 Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and services
Efficient multidimensional aggregation for large scale monitoring
lisa'12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
Review: A survey of network flow applications
Journal of Network and Computer Applications
Scalable identification and measurement of heavy-hitters
Computer Communications
Software defined traffic measurement with OpenSketch
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Modeling residual-geometric flow sampling
IEEE/ACM Transactions on Networking (TON)
Line speed accurate superspreader identification using dynamic error compensation
Computer Communications
An adaptive flow counting method for anomaly detection in SDN
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
Scalable hybrid stream and hadoop network analysis system
Proceedings of the 5th ACM/SPEC international conference on Performance engineering
High-fidelity per-flow delay measurements with reference latency interpolation
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Network operators need to determine the composition of the traffic mix on links when looking for dominant applications, users, or estimating traffic matrices. Cisco's NetFlow has evolved into a solution that satisfies this need by reporting flow records that summarize a sample of the traffic traversing the link. But sampled NetFlow has shortcomings that hinder the collection and analysis of traffic data. First, during flooding attacks router memory and network bandwidth consumed by flow records can increase beyond what is available; second, selecting the right static sampling rate is difficult because no single rate gives the right tradeoff of memory use versus accuracy for all traffic mixes; third, the heuristics routers use to decide when a flow is reported are a poor match to most applications that work with time bins; finally, it is impossible to estimate without bias the number of active flows for aggregates with non-TCP traffic.In this paper we propose Adaptive NetFlow, deployable through an update to router software, which addresses many shortcomings of NetFlow by dynamically adapting the sampling rate to achieve robustness without sacrificing accuracy. To enable counting of non-TCP flows, we propose an optional Flow Counting Extension that requires augmenting existing hardware at routers. Both our proposed solutions readily provide descriptions of the traffic of progressively smaller sizes. Transmitting these at progressively higher levels of reliability allows graceful degradation of the accuracy of traffic reports in response to network congestion on the reporting path.