Flow-based analysis has been considered a simple and effective approach in network analysis. 5-tuple (unidirectional) flows are used in many network traffic analyses; however, these analyses often require bidirectional packet matching to observe the interactions. Separating the flows into two categories, one-way (packets in one direction only) and two-way (packets in both directions), can yield further insight. We have examined traces of Auckland traffic for 2000, 2003 and 2006, and analyzed their one-way and two-way flows. We observed several behaviors and the changes in flow sizes and their lifetimes over time. In our traces, we observe that one-way flows are mostly malicious traffic or retransmissions, and some are long-lived. Two-way flows are mostly normal end-to-end transmissions, with their lifetimes/RTTs decreasing and their sizes increasing, and many short-lived flows mostly depict errors in TCP. We also observe similarity between one-way and two-way flow sizes for their lifetimes.