Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Abstract : In Network Anomaly and Botnet Detection the main source of input for analysis is the network traffic, which has to be transmitted from its capture source to the analysis system. High-volume data sources often generate traffic volumes prohibiting direct pass-through of bulk data into researchers hands.In this paper we achieve a reduction in volume of transmitted test data from network flow captures by aggregating raw data using extraction of protocol semantics. This is orthogonal to classic bulk compression algorithms. We propose a formalization for this concept called Descriptors and extend it to network flow data.A comparison with common bulk data file compression formats will be given for full Packet Capture (PCAP) files, giving 4 to 5 orders of magnitude in size reduction using Descriptors.Our approach aims to be compatible with Internet Protocol Flow Information Export (IPFIX) and other standardized network flow data formats as possible inputs.
https://hal.inria.fr/hal-01397258 Contributor : Hal IfipConnect in order to contact the contributor Submitted on : Tuesday, November 15, 2016 - 4:03:15 PM Last modification on : Wednesday, November 16, 2016 - 1:04:11 AM Long-term archiving on: : Thursday, March 16, 2017 - 1:31:13 PM
Marcel Fourné, Kevin Stegemann, Dominique Petersen, Norbert Pohlmann. Aggregation of Network Protocol Data Near Its Source. 2nd Information and Communication Technology - EurAsia Conference (ICT-EurAsia), Apr 2014, Bali, Indonesia. pp.482-491, ⟨10.1007/978-3-642-55032-4_49⟩. ⟨hal-01397258⟩