| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
Aggregation of Network Protocol Data Near Its Source
Abstract : In Network Anomaly and Botnet Detection the main source of input for analysis is the network traffic, which has to be transmitted from its capture source to the analysis system. High-volume data sources often generate traffic volumes prohibiting direct pass-through of bulk data into researchers hands.In this paper we achieve a reduction in volume of transmitted test data from network flow captures by aggregating raw data using extraction of protocol semantics. This is orthogonal to classic bulk compression algorithms. We propose a formalization for this concept called Descriptors and extend it to network flow data.A comparison with common bulk data file compression formats will be given for full Packet Capture (PCAP) files, giving 4 to 5 orders of magnitude in size reduction using Descriptors.Our approach aims to be compatible with Internet Protocol Flow Information Export (IPFIX) and other standardized network flow data formats as possible inputs.
Cited literature [13 references]
https://hal.inria.fr/hal-01397258
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 15, 2016 - 4:03:15 PM
Last modification on : Wednesday, November 16, 2016 - 1:04:11 AM
Long-term archiving on: : Thursday, March 16, 2017 - 1:31:13 PM
Contributor : Hal Ifip <>
Submitted on : Tuesday, November 15, 2016 - 4:03:15 PM
Last modification on : Wednesday, November 16, 2016 - 1:04:11 AM
Long-term archiving on: : Thursday, March 16, 2017 - 1:31:13 PM
File
978-3-642-55032-4_49_Chapter.p...
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License