Canini et al., 2009 - Google Patents
Per flow packet sampling for high-speed network monitoringCanini et al., 2009
View PDF- Document ID
- 7681452164511013020
- Author
- Canini M
- Fay D
- Miller D
- Moore A
- Bolla R
- Publication year
- Publication venue
- 2009 First International Communication Systems and Networks and Workshops
External Links
Snippet
We present a per-flow packet sampling method that enables the real-time classification of high-speed network traffic. Our method, based upon the partial sampling of each flow (ie, performing sampling at only early stages in each flow's lifetime), provides a sufficient …
- 238000005070 sampling 0 title abstract description 56
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/02—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data
- H04L43/026—Arrangements for monitoring or testing packet switching networks involving a reduction of monitoring data using flow generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/08—Monitoring based on specific metrics
- H04L43/0823—Errors
- H04L43/0829—Packet loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/08—Monitoring based on specific metrics
- H04L43/0876—Network utilization
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/14—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning
- H04L41/142—Arrangements for maintenance or administration or management of packet switching networks involving network analysis or design, e.g. simulation, network model or planning using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/06—Report generation
- H04L43/062—Report generation for traffic related reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/08—Monitoring based on specific metrics
- H04L43/0852—Delays
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/50—Network service management, i.e. ensuring proper service fulfillment according to an agreement or contract between two parties, e.g. between an IT-provider and a customer
- H04L41/5003—Managing service level agreement [SLA] or interaction between SLA and quality of service [QoS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/10—Arrangements for monitoring or testing packet switching networks using active monitoring, e.g. heartbeat protocols, polling, ping, trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
- H04L43/12—Arrangements for monitoring or testing packet switching networks using dedicated network monitoring probes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Dimitropoulos et al. | Probabilistic lossy counting: An efficient algorithm for finding heavy hitters | |
| Canini et al. | Per flow packet sampling for high-speed network monitoring | |
| Duffield | Sampling for passive internet measurement: A review | |
| Yuan et al. | ProgME: towards programmable network measurement | |
| Duffield et al. | Predicting resource usage and estimation accuracy in an IP flow measurement collection infrastructure | |
| Xiao et al. | Cardinality estimation for elephant flows: A compact solution based on virtual register sharing | |
| US20100095374A1 (en) | Graph based bot-user detection | |
| US20100150004A1 (en) | Methods and apparatus to bound network traffic estimation error for multistage measurement sampling and aggregation | |
| Mahmood et al. | Critical infrastructure protection: Resource efficient sampling to improve detection of less frequent patterns in network traffic | |
| Bauer et al. | On the evolution of internet flow characteristics | |
| Kumar et al. | A data streaming algorithm for estimating subpopulation flow size distribution | |
| Zhou et al. | Per-flow counting for big network data stream over sliding windows | |
| Jia et al. | Loglog filter: Filtering cold items within a large range over high speed data streams | |
| Wu et al. | Efficient large flow detection over arbitrary windows: An algorithm exact outside an ambiguity region | |
| Baldi et al. | Data mining techniques for effective and scalable traffic analysis | |
| US8838774B2 (en) | Method, system, and computer program product for identifying common factors associated with network activity with reduced resource utilization | |
| Xiao et al. | Accurately identify time-decaying heavy hitters by decay-aware cuckoo filter along kicking path | |
| Shaman et al. | User profiling based on application-level using network metadata | |
| Xiao et al. | Universal and accurate sketch for estimating heavy hitters and moments in data streams | |
| Wang et al. | Virtual indexing based methods for estimating node connection degrees | |
| Lei et al. | Optimizing traffic classification using hybrid feature selection | |
| Wang et al. | Real-time Spread Burst Detection in Data Streaming | |
| Zhu et al. | A Sketch Algorithm to Monitor High Packet Delay in Network Traffic | |
| Ma et al. | Virtual filter for non-duplicate sampling with network applications | |
| Yao et al. | Identifying frequent flows in large datasets through probabilistic bloom filters |