跟踪网络流量中的长时间流

2010 Proceedings IEEE INFOCOM Pub Date : 2010-03-14 DOI:10.1109/INFCOM.2010.5462244

Aiyou Chen, Yu Jin, Jin Cao

{"title":"跟踪网络流量中的长时间流","authors":"Aiyou Chen, Yu Jin, Jin Cao","doi":"10.1109/INFCOM.2010.5462244","DOIUrl":null,"url":null,"abstract":"We propose the tracking of long duration flows as a new network measurement primitive. Long-duration flows are characterized by their long lived nature in time, and may not have high traffic volumes. We propose an efficient data streaming algorithm to effectively track long duration flows. Our basic technique is to maintain only two Bloom filters at any given time. In each time duration, only old flows that appear in the current time duration get copied to the current Bloom filter. Our basic algorithm is further enhanced by sampling. Using real network traces, we show that our tracking algorithm is very accurate with low false positive and false negative probabilities. Using multi-faceted analysis, we show that more than 50\\% of hosts participating in long duration flows (duration no less than 30 minutes) are blacklisted by various public sources.","PeriodicalId":259639,"journal":{"name":"2010 Proceedings IEEE INFOCOM","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":"{\"title\":\"Tracking Long Duration Flows in Network Traffic\",\"authors\":\"Aiyou Chen, Yu Jin, Jin Cao\",\"doi\":\"10.1109/INFCOM.2010.5462244\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose the tracking of long duration flows as a new network measurement primitive. Long-duration flows are characterized by their long lived nature in time, and may not have high traffic volumes. We propose an efficient data streaming algorithm to effectively track long duration flows. Our basic technique is to maintain only two Bloom filters at any given time. In each time duration, only old flows that appear in the current time duration get copied to the current Bloom filter. Our basic algorithm is further enhanced by sampling. Using real network traces, we show that our tracking algorithm is very accurate with low false positive and false negative probabilities. Using multi-faceted analysis, we show that more than 50\\\\% of hosts participating in long duration flows (duration no less than 30 minutes) are blacklisted by various public sources.\",\"PeriodicalId\":259639,\"journal\":{\"name\":\"2010 Proceedings IEEE INFOCOM\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-03-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"47\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Proceedings IEEE INFOCOM\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INFCOM.2010.5462244\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Proceedings IEEE INFOCOM","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOM.2010.5462244","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 47

摘要

我们提出了长时间流跟踪作为一种新的网络测量原语。长时间流的特点是它们在时间上的寿命长，可能不会有很高的流量。我们提出了一种高效的数据流算法来有效地跟踪长时间流。我们的基本技术是在任何给定时间只维护两个Bloom过滤器。在每个持续时间中，只有出现在当前持续时间中的旧流才会被复制到当前Bloom过滤器中。我们的基本算法通过采样进一步增强。通过实际的网络跟踪，我们证明了我们的跟踪算法是非常准确的，具有低的假阳性和假负概率。通过多方面的分析，我们发现超过50%的参与长时间流量(持续时间不少于30分钟)的主机被各种公共来源列入黑名单。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Tracking Long Duration Flows in Network Traffic

We propose the tracking of long duration flows as a new network measurement primitive. Long-duration flows are characterized by their long lived nature in time, and may not have high traffic volumes. We propose an efficient data streaming algorithm to effectively track long duration flows. Our basic technique is to maintain only two Bloom filters at any given time. In each time duration, only old flows that appear in the current time duration get copied to the current Bloom filter. Our basic algorithm is further enhanced by sampling. Using real network traces, we show that our tracking algorithm is very accurate with low false positive and false negative probabilities. Using multi-faceted analysis, we show that more than 50\% of hosts participating in long duration flows (duration no less than 30 minutes) are blacklisted by various public sources.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Proceedings IEEE INFOCOM

自引率

0.00%

发文量