Consistency of Network Traffic Repositories: An Overview

Elmer Lastdrager; Aiko Pras

doi:10.1007/978-3-642-02627-0_15

Consistency of Network Traffic Repositories: An Overview

Elmer Lastdrager, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

15 Downloads (Pure)

Abstract

Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been ï¬‚owing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of â€œfake gapsï¿½ï¿½?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.

Original language	English
Title of host publication	Scalability of Networks and Services
Subtitle of host publication	Third International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 Enschede, The Netherlands, June 30 - July 2, 2009: Proceedings
Place of Publication	Heidelberg
Publisher	Springer
Pages	173-178
Number of pages	6
ISBN (Electronic)	978-3-642-02627-0
ISBN (Print)	978-3-642-02626-3
DOIs	https://doi.org/10.1007/978-3-642-02627-0_15
Publication status	Published - 1 Jul 2009
Event	3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 - Enschede, Netherlands Duration: 30 Jun 2009 → 2 Jul 2009 Conference number: 3

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer Verlag
Volume	5637
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009
Abbreviated title	AIMS 2009
Country/Territory	Netherlands
City	Enschede
Period	30/06/09 → 2/07/09

Access to Document

10.1007/978-3-642-02627-0_15

Cite this

Lastdrager, E., & Pras, A. (2009). Consistency of Network Traffic Repositories: An Overview. In Scalability of Networks and Services: Third International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 Enschede, The Netherlands, June 30 - July 2, 2009: Proceedings (pp. 173-178). (Lecture Notes in Computer Science; Vol. 5637). Springer. https://doi.org/10.1007/978-3-642-02627-0_15

@inproceedings{c0cea360a6114153a9b37af35b58e2a3,

title = "Consistency of Network Traffic Repositories: An Overview",

abstract = "Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been {\"i}¬‚owing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of {\^a}€{\oe}fake gaps{\"i}¿½{\"i}¿½?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.",

author = "Elmer Lastdrager and Aiko Pras",

year = "2009",

month = jul,

day = "1",

doi = "10.1007/978-3-642-02627-0_15",

language = "English",

isbn = "978-3-642-02626-3",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "173--178",

booktitle = "Scalability of Networks and Services",

note = "3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009, AIMS 2009 ; Conference date: 30-06-2009 Through 02-07-2009",

}

Lastdrager, E & Pras, A 2009, Consistency of Network Traffic Repositories: An Overview. in Scalability of Networks and Services: Third International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 Enschede, The Netherlands, June 30 - July 2, 2009: Proceedings. Lecture Notes in Computer Science, vol. 5637, Springer, Heidelberg, pp. 173-178, 3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009, Enschede, Netherlands, 30/06/09. https://doi.org/10.1007/978-3-642-02627-0_15

Consistency of Network Traffic Repositories: An Overview. / Lastdrager, Elmer; Pras, Aiko.

Scalability of Networks and Services: Third International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 Enschede, The Netherlands, June 30 - July 2, 2009: Proceedings. Heidelberg : Springer, 2009. p. 173-178 (Lecture Notes in Computer Science; Vol. 5637).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Consistency of Network Traffic Repositories: An Overview

AU - Lastdrager, Elmer

AU - Pras, Aiko

N1 - Conference code: 3

PY - 2009/7/1

Y1 - 2009/7/1

N2 - Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been ï¬‚owing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of â€œfake gapsï¿½ï¿½?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.

AB - Traffc repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffc that has been ï¬‚owing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the trafc capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of â€œfake gapsï¿½ï¿½?. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.

U2 - 10.1007/978-3-642-02627-0_15

DO - 10.1007/978-3-642-02627-0_15

M3 - Conference contribution

SN - 978-3-642-02626-3

T3 - Lecture Notes in Computer Science

SP - 173

EP - 178

BT - Scalability of Networks and Services

PB - Springer

CY - Heidelberg

T2 - 3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009

Y2 - 30 June 2009 through 2 July 2009

ER -

Lastdrager E, Pras A. Consistency of Network Traffic Repositories: An Overview. In Scalability of Networks and Services: Third International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 Enschede, The Netherlands, June 30 - July 2, 2009: Proceedings. Heidelberg: Springer. 2009. p. 173-178. (Lecture Notes in Computer Science). doi: 10.1007/978-3-642-02627-0_15

Consistency of Network Traffic Repositories: An Overview

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this