Salvi, Dario and Mazzariello, Claudio and Oliviero, Francesco and D'Antonio, Salvatore (2005) A Distributed multi-purpose IP flow monitor. In: 3° International Workshop on Internet Performance, Simulation, Monitoring and Measurement IPS-MoMe, 14-15 March 2005, Warsaw, Poland.Full text not available from this repository.
|Item Type:||Conference or Workshop Item (Lecture)|
|Uncontrolled Keywords:||traffic measurements, IP flow monitoring, Last Recently Used caching, Traffic profiling, Intrusion detection|
|Date Deposited:||19 Feb 2007|
|Last Modified:||30 Apr 2014 19:22|
Traffic monitoring is a research field whose results can be exploited for several purposes, such as network resource management, security and accounting. An effective monitor needs to be capable of analyzing the traffic flowing through the monitored network by losing as few packets as possible since packet loss may result in a non accurate measurement of the required metrics. Such a monitor captures the packets from the network, associates each packet to a flow by evaluating its characteristics, performs some flow measurements, and exports the results of data analysis. In high speed networks such tasks might be hard to accomplish in an efficient way, as the number of analyzed flows is very high. For this reason, we decided to design and implement a distributed monitoring system comprising several components each responsible for a different task. Such a distributed approach helps overcome the problem of an overloaded monitoring system. Furthermore, distributed systems need an appropriate protocol, that defines the kind as well as the sequence of messages exchanged between system components. In this paper we present both the monitoring architecture and the corresponding management protocol. Finally, in order for the monitoring system to support different kinds of applications, we developed an open framework allowing a user to define a customized set of metrics.
Actions (login required)