Abstract
This paper describes a new approach for analyzing large volumes of IP flow-related data. One current solution for monitoring IP traffic is based on selecting a subset of flow-related information that summarizes communication endpoints, volume, status and time parameters. Such summaries are commonly known as NetFlow records; the recent development of a standardized protocol and data format, together with support from all major vendors, has made the processing, collection and analysis of flow records possible on all available routers. However, on high-traffic backbone routers this produces a huge quantity of data that makes analysis difficult, both in terms of computational resources and in terms of scientific methods. We present a new approach that leverages spatially and temporally aggregated flow information. The objective is to detect traffic anomalies and to characterize network traffic. Our method is based on the use of special tree-like data structures that capture both temporal and spatial aggregation and is therefore computationally efficient. The conceptual framework of our approach is based on the definition of appropriate similarity and distance functions for this purpose.
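As an added illustration (not code from the paper, whose data structures are not published on this page), the following Python sketch shows one way to aggregate NetFlow-style records spatially into a binary prefix trie and temporally into fixed windows; the byte-count threshold rule, the `Node`, `insert`, `aggregate` and `profile` names, and the sample flows are all assumptions.

```python
# Added illustration (not the paper's code): spatial aggregation of IPv4 flow
# records into a binary prefix trie, collapsing low-volume subtrees into their
# parent prefix, computed per time window as a simple temporal aggregation.
import ipaddress
from collections import defaultdict

class Node:
    def __init__(self):
        self.children = [None, None]  # index = next address bit
        self.nbytes = 0               # bytes of all flows under this prefix

def insert(root, ip, nbytes):
    """Add nbytes to every node on the 32-bit path of ip (root is /0)."""
    addr, node = int(ipaddress.IPv4Address(ip)), root
    node.nbytes += nbytes
    for i in range(31, -1, -1):
        bit = (addr >> i) & 1
        if node.children[bit] is None:
            node.children[bit] = Node()
        node = node.children[bit]
        node.nbytes += nbytes

def aggregate(root, threshold):
    """Return {prefix: bytes}: children with >= threshold bytes are followed
    down; lighter traffic is reported at the most specific heavy ancestor,
    so the reported volumes always sum to the root total."""
    out = {}
    def walk(node, prefix, depth):
        heavy = [(b, c) for b, c in enumerate(node.children)
                 if c is not None and c.nbytes >= threshold]
        residual = node.nbytes - sum(c.nbytes for _, c in heavy)
        if residual > 0:
            out[f"{ipaddress.IPv4Address(prefix << (32 - depth))}/{depth}"] = residual
        for bit, child in heavy:
            walk(child, (prefix << 1) | bit, depth + 1)
    walk(root, 0, 0)
    return out

def profile(records, window, threshold):
    """records: (timestamp, src_ip, bytes) tuples; one trie per time window."""
    tries = defaultdict(Node)
    for ts, ip, nbytes in records:
        insert(tries[ts - ts % window], ip, nbytes)
    return {start: aggregate(t, threshold) for start, t in sorted(tries.items())}

# Constructed sample flows: (timestamp, source address, bytes)
SAMPLE = [(0, "10.0.0.1", 600), (5, "10.0.0.2", 500), (9, "10.0.1.7", 50),
          (12, "192.168.5.9", 900), (70, "10.0.0.1", 100), (75, "10.0.2.3", 100)]
if __name__ == "__main__":
    print(profile(SAMPLE, window=60, threshold=400))
```

In the first window the two heavy hosts keep their /32 entries while the light 10.0.1.7 flow is folded into 10.0.0.0/23; in the second window nothing reaches the threshold, so all traffic collapses to 0.0.0.0/0.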
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wagner, C., Wagener, G., State, R., Engel, T. (2010). Monitoring of Spatial-Aggregated IP-Flow Records. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds) Computational Intelligence in Security for Information Systems 2010. Advances in Intelligent and Soft Computing, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16626-6_13
DOI: https://doi.org/10.1007/978-3-642-16626-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16625-9
Online ISBN: 978-3-642-16626-6