It is commonly believed that file sharing traffic on the Internet is mostly generated by peer-to-peer applications. However, we show that HTTP based file sharing services are also extremely popular. We analyzed the traffic of a large research and education network for three months, and observed that a large fraction of the inbound HTTP traffic corresponds…
Counting the number of flows present in network traffic is not trivial, given that the naive approach of using a hash table to track the active flows is too slow for the current backbone network speeds. Several algorithms have been proposed in the recent literature that can calculate an approximate count using a small amount of memory and few memory accesses…
Monitoring and mining real-time network data streams is crucial for managing and operating data networks. The information that network operators desire to extract from the network traffic is of different size, granularity and accuracy depending on the measurement task (e.g., relevant data for capacity planning and intrusion detection are very different). To…
The traffic classification problem has recently attracted the interest of both network operators and researchers. Several machine learning (ML) methods have been proposed in the literature as a promising solution to this problem. Surprisingly, very few works have studied the traffic classification problem with Sampled NetFlow data. However, Sampled NetFlow…
Sampling techniques are often used for traffic monitoring in high-speed links in order to avoid saturation of network resources. Although there is a wide body of existing research dealing with anomaly detection, few studies have analyzed the impact of sampling on the performance of portscan detection algorithms. In this paper, we performed several experiments on two…
Detecting network traffic anomalies is crucial for network operators as it helps to identify security incidents and to monitor the availability of networked services. Although anomaly detection has received significant attention in the literature, the automatic classification of network anomalies still remains an open problem. In this paper, we introduce a…
Finding the root-cause of a network security anomaly is essential for network operators. In our recent work, we introduced a generic technique that uses frequent itemset mining to automatically extract and summarize the traffic flows causing an anomaly. Our evaluation using two different anomaly detectors (including a commercial one) showed that our…
Application identification in network traffic has recently become a hard challenge for network operators. In this paper, we face this problem with Sampled NetFlow data, which is an extended scenario but scarcely investigated. We present an application identification method that, although being slightly less accurate (≈90%) than previous packet-based…
During the last years, the Advanced Broadband Communications Center (CCABA) of the UPC has been involved in several projects related to Internet traffic monitoring and analysis in the Spanish National Research and Education Network (RedIRIS), namely CASTBA, MEHARI [1] and MIRA [2, 3]. As a result of such an experience, a new traffic monitoring and analysis…