Conference papers

Aggregation of Network Protocol Data Near Its Source

Abstract : In Network Anomaly and Botnet Detection, the main source of input for analysis is the network traffic, which has to be transmitted from its capture source to the analysis system. High-volume data sources often generate traffic volumes prohibiting direct pass-through of bulk data into researchers' hands. In this paper we achieve a reduction in volume of transmitted test data from network flow captures by aggregating raw data using extraction of protocol semantics. This is orthogonal to classic bulk compression algorithms. We propose a formalization for this concept called Descriptors and extend it to network flow data. A comparison with common bulk data file compression formats will be given for full Packet Capture (PCAP) files, giving 4 to 5 orders of magnitude in size reduction using Descriptors. Our approach aims to be compatible with Internet Protocol Flow Information Export (IPFIX) and other standardized network flow data formats as possible inputs.

Cited literature [13 references]
Contributor : Hal Ifip
Submitted on : Tuesday, November 15, 2016 - 4:03:15 PM
Last modification on : Wednesday, November 16, 2016 - 1:04:11 AM
Long-term archiving on : Thursday, March 16, 2017 - 1:31:13 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Marcel Fourné, Kevin Stegemann, Dominique Petersen, Norbert Pohlmann. Aggregation of Network Protocol Data Near Its Source. 2nd Information and Communication Technology - EurAsia Conference (ICT-EurAsia), Apr 2014, Bali, Indonesia. pp.482-491, ⟨10.1007/978-3-642-55032-4_49⟩. ⟨hal-01397258⟩


