Signature-Aware Traffic Monitoring with IPFIX

13 years 8 months ago
Signature-Aware Traffic Monitoring with IPFIX
Traffic monitoring is essential for accounting user traffic and detecting anomaly traffic such as Internet worms or P2P file sharing applications. Since typical Internet traffic monitoring tools use only TCP/UDP/IP header information, they cannot effectively classify diverse application traffic, because TCP or UDP port numbers could be used by different applications. Moreover, under the recent deployment of firewalls that permits only a few allowed port numbers, P2P or other non-well-known applications could use the well-known port numbers. Hence, a port-based traffic measurement scheme may not provide the correct traffic monitoring results. On the other hand, traffic monitoring has to report not only the general statistics of traffic usage but also anomaly traffic such as exploiting traffic, Internet worms, and P2P traffic. Particularly, the anomaly traffic can be more precisely identified when packet payloads are inspected to find signatures. Regardless of correct packet-level measur...
Youngseok Lee, Seongho Shin, Taeck-Geun Kwon
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Authors Youngseok Lee, Seongho Shin, Taeck-Geun Kwon
Comments (0)