Pere Barlet-Ros

Monitoring and mining real-time network data streams is crucial for managing and operating data networks. The information that network operators desire to extract from the network traffic is of different size, granularity and accuracy depending on the measurement task (e.g., relevant data for capacity planning and intrusion detection are very different). To …
Sampling techniques are often used for traffic monitoring in high-speed links in order to avoid saturation of network resources. Although there is wide existing research dealing with anomaly detection, few studies analyzed the impact of sampling on the performance of portscan detection algorithms. In this paper, we performed several experiments on two …
The traffic classification problem has recently attracted the interest of both network operators and researchers. Several machine learning (ML) methods have been proposed in the literature as a promising solution to this problem. Surprisingly, very few works have studied the traffic classification problem with Sampled NetFlow data. However, Sampled NetFlow …
It is commonly believed that file sharing traffic on the Internet is mostly generated by peer-to-peer applications. However, we show that HTTP-based file sharing services are also extremely popular. We analyzed the traffic of a large research and education network for three months, and observed that a large fraction of the inbound HTTP traffic corresponds …
Finding the root cause of a network security anomaly is essential for network operators. In our recent work, we introduced a generic technique that uses frequent itemset mining to automatically extract and summarize the traffic flows causing an anomaly. Our evaluation using two different anomaly detectors (including a commercial one) showed that our …
Application identification in network traffic has recently become a hard challenge for network operators. In this paper, we face this problem with Sampled NetFlow data, which is an extended scenario but scarcely investigated. We present an application identification method that, although being slightly less accurate (≈90%) than previous packet-based …
Detecting network traffic anomalies is crucial for network operators as it helps to identify security incidents and to monitor the availability of networked services. Although anomaly detection has received significant attention in the literature, the automatic classification of network anomalies still remains an open problem. In this paper, we introduce a …
Although network security is a crucial aspect for network operators, there are still very few works that have examined the anomalies present in large backbone networks and evaluated the performance of existing anomaly detection solutions in operational environments. The objective of this work is to fill this gap by reporting hands-on experience in the …
Nowadays, there are many tools that are able to classify the traffic in computer networks. Each of these tools claims to have a certain accuracy, but it is a hard task to assess which tool is better, because they are tested on various datasets. Therefore, we made an approach to create a dataset that can be used to test all the traffic classifiers. In …
During the last years, the Advanced Broadband Communications Center (CCABA) of the UPC has been involved in several projects related to Internet traffic monitoring and analysis in the Spanish National Research and Education Network (RedIRIS), namely CASTBA, MEHARI [1] and MIRA [2, 3]. As a result of this experience, a new traffic monitoring and analysis …