Conference papers

Detection of Network Flow Timestamp Reliability

Martin Žádnik 1, Erik Šabik 1, Václav Bartoš 1
1 CESNET [Prague]
CAS - Czech Academy of Sciences [Prague]
Abstract: Network flow measurement and analysis are important parts of network management and security. Flow data analysis is a challenging task which is often made harder by pitfalls in the monitoring pipeline. In this paper we focus on timestamps, since many analysis procedures use timestamps to reveal various characteristics of network traffic. Unfortunately, timestamps are not always as reliable as they may seem. We propose an algorithm to estimate the percentage of timestamps correctly assigned to flow records with respect to the sequence of a request and a response flow. We simulate various timestamp failures and evaluate the failures using the proposed algorithm. We demonstrate the usage of the algorithm in the use case of bidirectional flow orientation.

Contributor: Hal Ifip
Submitted on: Wednesday, November 23, 2016 - 10:26:31 AM
Last modification on: Wednesday, November 18, 2020 - 7:20:08 PM
Long-term archiving on: Tuesday, March 21, 2017 - 2:14:51 PM




Distributed under a Creative Commons Attribution 4.0 International License



Martin Žádnik, Erik Šabik, Václav Bartoš. Detection of Network Flow Timestamp Reliability. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. pp.147-159, ⟨10.1007/978-3-662-43862-6_18⟩. ⟨hal-01401301⟩


