Detection of Network Flow Timestamp Reliability

Martin Žádnik (1), Erik Šabik (1), Václav Bartoš (1)
(1) CESNET [Prague]
ASCR - Czech Academy of Sciences [Prague]
Abstract: Network flow measurement and analysis are important parts of network management and security. Flow data analysis is a challenging task which is often made harder by pitfalls in the monitoring pipeline. In this paper we focus on timestamps, since many analysis procedures use timestamps to reveal various characteristics of network traffic. Unfortunately, the timestamps are not always as reliable as they may seem. We propose an algorithm to estimate the percentage of timestamps correctly assigned to flow records with respect to the sequence of a request flow and a response flow. We simulate various timestamp failures and evaluate them using the proposed algorithm. We demonstrate the use of the algorithm in the use case of bidirectional flow orientation.
Document type: Conference paper
Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-8508, pp.147-159, 2014, Monitoring and Securing Virtualized Networks and Services. 〈10.1007/978-3-662-43862-6_18〉

Cited literature [11 references]

https://hal.inria.fr/hal-01401301
Contributor: Hal Ifip
Submitted on: Wednesday, November 23, 2016 - 10:26:31
Last modified on: Wednesday, November 23, 2016 - 10:37:55
Document(s) archived on: Tuesday, March 21, 2017 - 14:14:51

File

978-3-662-43862-6_18_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Martin Žádnik, Erik Šabik, Václav Bartoš. Detection of Network Flow Timestamp Reliability. Anna Sperotto; Guillaume Doyen; Steven Latré; Marinos Charalambides; Burkhard Stiller. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. Springer, Lecture Notes in Computer Science, LNCS-8508, pp.147-159, 2014, Monitoring and Securing Virtualized Networks and Services. 〈10.1007/978-3-662-43862-6_18〉. 〈hal-01401301〉
