
Part of the book series: Advances in Intelligent and Soft Computing ((AINSC,volume 85))


Abstract

This paper describes a new approach for analyzing large volumes of IP-flow-related data. One current solution for monitoring IP traffic is to select a subset of flow-related information that summarizes communication endpoints, volume, status and timing parameters. These summaries, commonly known as NetFlow records, have become collectable on all widely deployed routers thanks to the recent standardization of a protocol and data format and to support from all major vendors, which makes the collection, processing and analysis of flow records practical. On high-traffic backbone routers, however, this still produces a huge quantity of data whose analysis is difficult, both in terms of computational resources and in terms of scientific methods. We present a new approach that leverages spatially and temporally aggregated flow information. The objective is to detect traffic anomalies and to characterize network traffic. Our method is based on special tree-like data structures that capture both temporal and spatial aggregation and is therefore computationally efficient. The conceptual framework of our approach rests on the definition of similarity and distance functions appropriate for this purpose.
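To make the abstract's idea concrete, the following Python is an added illustration, not the paper's code: it builds one prefix tree over source addresses per time window (spatial aggregation), folds every /32 up to the longest prefix whose subtree carries at least a minimum share of the window's bytes, and compares consecutive windows with an L1 distance over cumulative subtree shares. The flow records, the 60 s window, the 25% aggregation share, the 1.0 alert threshold and the particular distance function are all assumptions chosen for the example; the paper's own tree structure and distance functions are not reproduced here.

```python
"""Aggregate NetFlow-style records into per-window source-prefix trees and
compare windows with a distance function.  Added example; not the paper's code."""
from __future__ import annotations

from collections import defaultdict
import ipaddress

# Constructed sample records (not real traffic): (timestamp_s, src_ip, dst_ip, bytes).
# Window 0 (t < 60) is ordinary traffic.  Window 1 (60 <= t < 120) repeats it and
# adds a burst from twenty hosts in 203.0.113.0/24, the kind of shift the
# distance should expose.
SAMPLE_FLOWS = [
    (5, "10.1.1.1", "192.0.2.10", 4000), (7, "10.1.1.2", "192.0.2.10", 3000),
    (12, "10.1.2.9", "192.0.2.11", 2000), (30, "172.16.5.5", "192.0.2.12", 1000),
    (65, "10.1.1.1", "192.0.2.10", 4000), (70, "10.1.1.2", "192.0.2.10", 3000),
    (72, "10.1.2.9", "192.0.2.11", 2000), (90, "172.16.5.5", "192.0.2.12", 1000),
] + [(80 + i, f"203.0.113.{i}", "192.0.2.20", 5000) for i in range(20)]


def ip_bits(ip: str) -> str:
    """32-character bit string of an IPv4 address: its path from the tree root."""
    return format(int(ipaddress.IPv4Address(ip)), "032b")


def bits_to_cidr(bits: str) -> str:
    """Render a prefix bit string as CIDR, e.g. '' -> '0.0.0.0/0'."""
    net = int(bits.ljust(32, "0"), 2)
    return f"{ipaddress.IPv4Address(net)}/{len(bits)}"


def spatial_profile(flows, min_share: float = 0.25) -> dict[str, float]:
    """Spatial aggregation of one window.  Each flow's bytes are charged to the
    longest source prefix whose whole subtree carries at least min_share of the
    window's bytes, so heavy hosts stay visible as /32 entries while light ones
    collapse into their common prefix (the root always qualifies, so the loop
    terminates).  Returns {prefix_bits: share_of_bytes}."""
    total = sum(b for _, _, _, b in flows)
    if total == 0:
        return {}
    subtree = defaultdict(int)          # bytes below every prefix, /0 .. /32
    for _, src, _, b in flows:
        bits = ip_bits(src)
        for plen in range(33):
            subtree[bits[:plen]] += b
    threshold = total * min_share       # assumed tuning value
    profile = defaultdict(int)
    for _, src, _, b in flows:
        bits = ip_bits(src)
        for plen in range(32, -1, -1):  # walk up until the subtree is significant
            if subtree[bits[:plen]] >= threshold:
                profile[bits[:plen]] += b
                break
    return {p: v / total for p, v in profile.items()}


def temporal_profiles(flows, window_s: int = 60, min_share: float = 0.25):
    """Temporal aggregation: bucket flows into fixed windows, one tree each."""
    windows = defaultdict(list)
    for rec in flows:
        windows[rec[0] // window_s].append(rec)
    return {w: spatial_profile(recs, min_share) for w, recs in sorted(windows.items())}


def subtree_share(profile: dict[str, float], prefix: str) -> float:
    """Share of the window's bytes at or below `prefix` in an aggregated tree."""
    return sum(s for p, s in profile.items() if p.startswith(prefix))


def tree_distance(a: dict[str, float], b: dict[str, float]) -> float:
    """L1 distance between cumulative subtree shares, evaluated at every prefix
    present in either tree.  Comparing cumulative shares keeps a /22 in one
    window comparable with the /32s it was folded from in the other."""
    prefixes = set(a) | set(b)
    return sum(abs(subtree_share(a, p) - subtree_share(b, p)) for p in prefixes)


def flag_anomalous_windows(flows, window_s: int = 60, min_share: float = 0.25,
                           max_distance: float = 1.0) -> list[int]:
    """Return the ids of windows whose tree is farther than max_distance
    (assumed threshold) from the previous window's tree."""
    profiles = temporal_profiles(flows, window_s, min_share)
    ids = list(profiles)
    return [w for prev, w in zip(ids, ids[1:])
            if tree_distance(profiles[prev], profiles[w]) > max_distance]


if __name__ == "__main__":
    for w, prof in temporal_profiles(SAMPLE_FLOWS).items():
        print(f"window {w}:", {bits_to_cidr(p): round(s, 3) for p, s in prof.items()})
    print("anomalous windows:", flag_anomalous_windows(SAMPLE_FLOWS))
```

In window 0 the two heavy hosts remain /32 entries, the lighter 10.1.2.9 is folded into 10.1.0.0/22, and 172.16.5.5 falls through to the root; in window 1 the burst dominates, the baseline hosts all fall through to short prefixes, and the distance between the two trees exceeds the threshold. The aggregation share and the alert threshold trade sensitivity against the size of each tree and should be tuned on real traffic rather than taken from this example.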




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wagner, C., Wagener, G., State, R., Engel, T. (2010). Monitoring of Spatial-Aggregated IP-Flow Records. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds) Computational Intelligence in Security for Information Systems 2010. Advances in Intelligent and Soft Computing, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16626-6_13


  • DOI: https://doi.org/10.1007/978-3-642-16626-6_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16625-9

  • Online ISBN: 978-3-642-16626-6

