Detection of Network Flow Timestamp Reliability - Monitoring and Securing Virtualized Networks and Services
Conference Papers, Year: 2014

Detection of Network Flow Timestamp Reliability

Martin Žádnik
Erik Šabik
Václav Bartoš

Abstract

Network flow measurement and analysis are important parts of network management and security. Flow data analysis is a challenging task that is often made harder by pitfalls in the monitoring pipeline. In this paper we focus on timestamps, since many analysis procedures use timestamps to reveal various characteristics of network traffic. Unfortunately, timestamps are not always as reliable as they may seem. We propose an algorithm to estimate the percentage of timestamps correctly assigned to flow records with respect to the sequence of a request flow and a response flow. We simulate various timestamp failures and evaluate them using the proposed algorithm. We demonstrate the use of the algorithm in the use case of bidirectional flow orientation.
Origin: Files produced by the author(s)

Dates and versions

hal-01401301 , version 1 (23-11-2016)

Cite

Martin Žádnik, Erik Šabik, Václav Bartoš. Detection of Network Flow Timestamp Reliability. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. pp.147-159, ⟨10.1007/978-3-662-43862-6_18⟩. ⟨hal-01401301⟩