Detection of Network Flow Timestamp Reliability

Martin Žádnik¹, Erik Šabik¹, Václav Bartoš¹
¹ CESNET [Prague]
ASCR - Czech Academy of Sciences [Prague]
Abstract: Network flow measurement and analysis are important parts of network management and security. Flow data analysis is a challenging task which is often rendered harder by pitfalls in a monitoring pipeline. In this paper we focus on timestamps, since many analysis procedures utilize timestamps to reveal various characteristics of network traffic. Unfortunately, the timestamps are not always as reliable as they may seem. We propose an algorithm to estimate the percentage of correctly assigned timestamps to flow records with respect to the sequence of a request and a response flow. We simulate various timestamp failures and we evaluate the failures using the proposed algorithm. We demonstrate the usage of the algorithm in the use case of bidirectional flow orientation.

Cited literature [11 references]

https://hal.inria.fr/hal-01401301
Contributor: Hal Ifip
Submitted on: Wednesday, November 23, 2016 - 10:26:31 AM
Last modification on: Wednesday, November 23, 2016 - 10:37:55 AM
Long-term archiving on: Tuesday, March 21, 2017 - 2:14:51 PM

File

978-3-662-43862-6_18_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Martin Žádnik, Erik Šabik, Václav Bartoš. Detection of Network Flow Timestamp Reliability. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. pp.147-159, ⟨10.1007/978-3-662-43862-6_18⟩. ⟨hal-01401301⟩
