While wide-area Internet traffic has been heavily studied for many years, the characteristics of traffic inside Internet enterprises remain almost wholly unexplored. Nearly all of the studies of enterprise traffic available in the literature are well over a decade old and focus on individual LANs rather than whole sites. In this paper we present a broad overview of internal enterprise traffic recorded at a medium-sized site. The packet traces span more than 100 hours, over which activity from a total of several thousand internal hosts appears. This wealth of data--which we are publicly releasing in anonymized form--spans a wide range of dimensions. While we cannot form general conclusions using data from a single site, and clearly this sort of data merits additional in-depth study in a number of ways, in this work we endeavor to characterize a number of the most salient aspects of the traffic. Our goal is to provide a first sense of ways in which modern enterprise traffic is similar to wide-area Internet traffic, and ways in which it is quite different.