Consistency of Network Traffic Repositories: An Overview

E. Lastdrager, E.E.H. Lastdrager, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


Abstract

Traffic repositories with TCP/IP header information are very important for network analysis. Researchers often assume that such repositories reliably represent all traffic that has been flowing over the network; little thoughts are made regarding the consistency of these repositories. Still, for various reasons, the traffic capturing process may have missed packets. For certain kinds of analysis, for example loss measurements, such inconsistencies may lead to the wrong conclusions. This paper proposes an algorithm to detect such inconsistencies, using the idea of “fake gaps”. A prototype has been developed, and used to test two well-known repositories: the WIDE and Simpleweb repositories. The paper shows that both repositories contain several inconsistencies.

Original language: Undefined
Title of host publication: Proceedings of the Third International Conference on Autonomous Infrastructure, Management and Security (AIMS 2009)
Place of Publication: Heidelberg
Publisher: Springer
Pages: 173-178
Number of pages: 6
ISBN (Print): 978-3-642-02626-3
DOIs: https://doi.org/10.1007/978-3-642-02627-0_15
Publication status: Published - 1 Jul 2009
Event: 3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009 - Enschede, Netherlands
Duration: 30 Jun 2009 to 2 Jul 2009
Conference number: 3

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 5637
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 3rd International Conference on Autonomous Infrastructure, Management and Security, AIMS 2009
Abbreviated title: AIMS 2009
Country: Netherlands
City: Enschede
Period: 30/06/09 to 2/07/09

Keywords

  • METIS-263927
  • EWI-15720
  • IR-67813

Cite this

Lastdrager, E., Lastdrager, E. E. H., & Pras, A. (2009). Consistency of Network Traffic Repositories: An Overview. In Proceedings of the Third International Conference on Autonomous Infrastructure, Management and Security (AIMS 2009) (pp. 173-178). [10.1007/978-3-642-02627-0_15] (Lecture Notes in Computer Science; Vol. 5637). Heidelberg: Springer. https://doi.org/10.1007/978-3-642-02627-0_15