Toward empirical IP host traffic measurement in passive network measurement

• Any use you make of these documents or images must be for research or private study purposes only, and you may not make them available to any other person. • Authors control the copyright of their thesis. You will recognise the author's right to be identified as the author of this thesis, and due acknowledgement will be made to the author where appropriate. • You will obtain the author's permission before publishing any material from their thesis.

[1]  Nevil Brownlee Some Observations of Internet Stream Lifetimes , 2005, PAM.

[2]  Hyogon Kim,et al.  Real-time visualization of network attacks on high-speed links , 2004, IEEE Network.

[3]  Sally Floyd,et al.  On inferring TCP behavior , 2001, SIGCOMM 2001.

[4]  Scott Shenker,et al.  On the characteristics and origins of internet flow rates , 2002, SIGCOMM.

[5]  Klaus Mochalski,et al.  Packet Delay and Loss at the Auckland Internet Access Path , 2002 .

[6]  George C. Polyzos,et al.  A Parameterizable Methodology for Internet Traffic Flow Profiling , 1995, IEEE J. Sel. Areas Commun..

[7]  Nevil Brownlee,et al.  On the Variability of Internet Host Interactions , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[8]  Greg Goth Traffic Management Becoming High-Priority Problem , 2008, IEEE Internet Computing.

[9]  Michalis Faloutsos,et al.  Profiling the End Host , 2007, PAM.

[10]  Nevil Brownlee,et al.  A Methodology for Finding Significant Network Hosts , 2007 .

[11]  kc claffy,et al.  The nature of the beast: Recent traffic measurements from an Internet backbone , 1998 .

[12]  Kimberly C. Claffy,et al.  Their Share: Diversity and Disparity in IP Traffic , 2004, PAM.

[13]  Nevil Brownlee,et al.  Streams, Flows and Torrents , 2001 .

[14]  Konstantina Papagiannaki,et al.  Structural analysis of network traffic flows , 2004, SIGMETRICS '04/Performance '04.

[15]  Dina Katabi,et al.  Inferring Congestion Sharing and Path Characteristics from Packet Interarrival Times , 2001 .

[16]  Alan Kai-Hau Yeung,et al.  On the modeling of WWW request arrivals , 1999, Proceedings of the 1999 ICPP Workshops on Collaboration and Mobile Computing (CMC'99). Group Communications (IWGC). Internet '99 (IWI'99). Industrial Applications on Network Computing (INDAP). Multime.

[17]  Fuchun Sun,et al.  A probability-guaranteed adaptive timeout algorithm for high-speed network flow detection , 2005, Comput. Networks.

[18]  Kensuke Fukuda,et al.  The impact and implications of the growth in residential user-to-user traffic , 2006, SIGCOMM 2006.

[19]  Carsten Lund,et al.  Estimating flow distributions from sampled flow statistics , 2003, SIGCOMM '03.

[20]  Chen-Nee Chuah,et al.  Unveiling facebook: a measurement study of social network based applications , 2008, IMC '08.

[21]  Paul Barford,et al.  Learning network structure from passive measurements , 2007, IMC '07.

[22]  Grenville J. Armitage,et al.  Training on multiple sub-flows to optimise the use of Machine Learning classifiers in real-world IP networks , 2006, Proceedings. 2006 31st IEEE Conference on Local Computer Networks.

[23]  kc claffy,et al.  DNS Root/gTLD Performance Measurements , 2001 .

[24]  Oliver Spatscheck,et al.  Accurate, scalable in-network identification of p2p traffic using application signatures , 2004, WWW '04.

[25]  Alexander Clemm,et al.  Network Management Fundamentals , 2006 .

[26]  Konstantina Papagiannaki,et al.  A pragmatic definition of elephants in internet backbone traffic , 2002, IMW '02.

[27]  Robert Beverly,et al.  A Robust Classifier for Passive TCP/IP Fingerprinting , 2004, PAM.

[28]  Christophe Diot,et al.  Traffic matrix estimation: existing techniques and new directions , 2002, SIGCOMM 2002.

[29]  Pablo Rodriguez,et al.  I tube, you tube, everybody tubes: analyzing the world's largest user generated content video system , 2007, IMC '07.

[30]  R. Nowak,et al.  Toward a Model for Source Addresses of Internet Background Radiation , 2006 .

[31]  Philippe Owezarski,et al.  Modeling Internet backbone traffic at the flow level , 2003, IEEE Trans. Signal Process..

[32]  Nevil Brownlee,et al.  Internet Measurement , 2004, IEEE Internet Comput..

[33]  Mooi Choo Chuah,et al.  Packetscore: statistics-based overload control against distributed denial-of-service attacks , 2004, IEEE INFOCOM 2004.

[34]  Sam H. Noh,et al.  Traffic Characterization of the Web Server Attacks of Worm Viruses , 2003, International Conference on Computational Science.

[35]  Anja Feldmann,et al.  Characteristics of TCP Connection Arrivals , 2002 .

[36]  Masayuki Murata,et al.  Analysis of network traffic and its application to design of high-speed routers , 2000 .

[37]  DongJin Lee,et al.  Host measurement of network traffic , 2007, 2007 Australasian Telecommunication Networks and Applications Conference.

[38]  John Heidemann,et al.  On the correlation of Internet flow characteristics , 2003 .

[39]  Carey L. Williamson,et al.  The Extensive Challenges of Internet Application Measurement , 2007, IEEE Network.

[40]  Balachander Krishnamurthy,et al.  Internet Measurement - Infrastructure, Traffic, and Applications , 2006 .

[41]  Michalis Faloutsos,et al.  Long-range dependence ten years of Internet traffic modeling , 2004, IEEE Internet Computing.

[42]  Anja Feldmann,et al.  Measurement and analysis of IP network usage and behavior , 2000, IEEE Commun. Mag..

[43]  James Won-Ki Hong,et al.  Towards automated application signature generation for traffic identification , 2008, NOMS 2008 - 2008 IEEE Network Operations and Management Symposium.

[44]  M. H. MacGregor,et al.  On Temporal Locality in IP Address Sequences , 2003 .

[45]  Zhi-Li Zhang,et al.  Identifying and tracking suspicious activities through IP gray space analysis , 2007, MineNet '07.

[46]  Michalis Faloutsos,et al.  Is P2P dying or just hiding? [P2P traffic measurement] , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[47]  Kensuke Fukuda,et al.  Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures , 2007, LSAD '07.

[48]  Shingo Ata,et al.  Fast, Accurate, and Lightweight Real-Time Traffic Identification Method Based on Flow Statistics , 2007, PAM.

[49]  Kulsoom Abdullah,et al.  Passive visual fingerprinting of network attack tools , 2004, VizSEC/DMSEC '04.

[50]  James Won-Ki Hong,et al.  A Hybrid Approach for Accurate Application Traffic Identification , 2006, 2006 4th IEEE/IFIP Workshop on End-to-End Monitoring Techniques and Services.

[51]  Anirban Mahanti,et al.  Traffic classification using clustering algorithms , 2006, MineNet '06.

[52]  Hyoung-Kee Choi,et al.  A behavioral model of Web traffic , 1999, Proceedings. Seventh International Conference on Network Protocols.

[53]  Andrew W. Moore,et al.  Internet traffic classification using bayesian analysis techniques , 2005, SIGMETRICS '05.

[54]  Andrei Broder,et al.  Network Applications of Bloom Filters: A Survey , 2004, Internet Math..

[55]  James Won-Ki Hong,et al.  Application‐Level Traffic Monitoring and an Analysis on IP Networks , 2005 .

[56]  Renata Teixeira,et al.  Early Recognition of Encrypted Applications , 2007, PAM.

[57]  Michalis Faloutsos,et al.  Transport layer identification of P2P traffic , 2004, IMC '04.

[58]  Kun-Chan Lan,et al.  Rapid model parameterization from traffic measurements , 2002, TOMC.

[59]  Saikat Guha,et al.  How healthy are today's enterprise networks? , 2008, IMC '08.

[60]  Azer Bestavros,et al.  Changes in Web client access patterns: Characteristics and caching implications , 1999, World Wide Web.

[61]  M. Frans Kaashoek,et al.  Proceedings of the General Track: 2003 Usenix Annual Technical Conference Role Classification of Hosts within Enterprise Networks Based on Connection Patterns , 2022 .

[62]  Michalis Faloutsos,et al.  On power-law relationships of the Internet topology , 1999, SIGCOMM '99.

[63]  Donald F. Towsley,et al.  An information-theoretic approach to network monitoring and measurement , 2005, IMC '05.

[64]  Alessandro Vespignani,et al.  Structural analysis of behavioral networks from the Internet , 2008 .

[65]  Anthony McGregor,et al.  Flow Clustering Using Machine Learning Techniques , 2004, PAM.

[66]  Kun-Chan Lan,et al.  A measurement study of correlations of Internet flow characteristics , 2006, Comput. Networks.

[67]  Patrice Abry,et al.  The impact of the flow arrival process in Internet traffic , 2003, 2003 IEEE International Conference on Acoustics, Speech, and Signal Processing, 2003. Proceedings. (ICASSP '03)..

[68]  Eddie Kohler,et al.  Observed structure of addresses in IP traffic , 2006, TNET.

[69]  Abhishek Kumar,et al.  Data streaming algorithms for efficient and accurate estimation of flow size distribution , 2004, SIGMETRICS '04/Performance '04.

[70]  George F. Riley,et al.  Empirical Models of TCP and UDP End-User Network Traffic from NETI@home Data Analysis , 2006, 20th Workshop on Principles of Advanced and Distributed Simulation (PADS'06).

[71]  Maurizio Dusi,et al.  Traffic classification through simple statistical fingerprinting , 2007, CCRV.

[72]  Karim Mohammed Rezaul,et al.  An overview of long-range dependent network traffic engineering and analysis: characteristics, simulation, modelling and control , 2007, Valuetools 2007.

[73]  Parameswaran Ramanathan,et al.  Packet-dispersion techniques and a capacity-estimation methodology , 2004, IEEE/ACM Transactions on Networking.

[74]  Konstantina Papagiannaki,et al.  Toward the Accurate Identification of Network Applications , 2005, PAM.

[75]  Zhi-Li Zhang,et al.  Profiling internet backbone traffic: behavior models and applications , 2005, SIGCOMM '05.

[76]  Renata Teixeira,et al.  Traffic classification on the fly , 2006, CCRV.

[77]  A. Odlyzko,et al.  Internet growth: is there a Moore's law for data traffic? , 2000 .

[78]  Jian Gong,et al.  Investigation on the IP Flow Inter-Arrival Time in Large-Scale Network , 2007, 2007 International Conference on Wireless Communications, Networking and Mobile Computing.

[79]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[80]  Patrick D. McDaniel,et al.  Analysis of Communities of Interest in Data Networks , 2005, PAM.

[81]  B. Plattner,et al.  Flow-Based Identification of P2P Heavy-Hitters , 2006, International Conference on Internet Surveillance and Protection (ICISP’06).

[82]  Fernando Silveira,et al.  Detectability of Traffic Anomalies in Two Adjacent Networks , 2007, PAM.

[83]  Byeong-Hee Roh,et al.  Effects of long-range dependence of VBR video traffic on queueing performances , 1997, GLOBECOM 97. IEEE Global Telecommunications Conference. Conference Record.

[84]  Arthur G. Bedeian,et al.  On the Use of the Coefficient of Variation as a Measure of Diversity , 2000 .

[85]  Paul Barford,et al.  Characteristics of network traffic flow anomalies , 2001, IMW '01.

[86]  Konstantina Papagiannaki,et al.  Long-term forecasting of Internet backbone traffic , 2005, IEEE Transactions on Neural Networks.

[87]  Ramesh Govindan,et al.  Census and survey of the visible internet , 2008, IMC '08.

[88]  Hao Jiang,et al.  Source-level IP packet bursts: causes and effects , 2003, IMC '03.

[89]  Zhi-Li Zhang,et al.  Adaptive packet sampling for flow volume measurement , 2002, CCRV.

[90]  Vinod Yegneswaran,et al.  Characteristics of internet background radiation , 2004, IMC '04.

[91]  K. Ishibashi,et al.  Effect of sampling rate and monitoring granularity on anomaly detectability , 2007, 2007 IEEE Global Internet Symposium.

[92]  Sally Floyd,et al.  Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[93]  Andrew W. Moore,et al.  A Machine Learning Approach for Efficient Traffic Classification , 2007, 2007 15th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems.

[94]  kc claffy,et al.  Measuring the Immeasurable: Global Internet Measurement Infrastructure , 2001 .

[95]  Carey L. Williamson,et al.  An analysis of TCP reset behaviour on the internet , 2005, CCRV.

[96]  Kevin Jeffay,et al.  What TCP/IP protocol headers can tell us about the web , 2001, SIGMETRICS '01.

[97]  Sebastian Zander,et al.  Automated traffic classification and application identification using machine learning , 2005, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)l.

[98]  George Varghese,et al.  Network monitoring using traffic dispersion graphs (tdgs) , 2007, IMC '07.

[99]  Gilbert Babin,et al.  Application-Layer Traffic Analysis of a Peer-to-Peer System , 2008, IEEE Internet Computing.

[100]  Steven M. Bellovin,et al.  A technique for counting natted hosts , 2002, IMW '02.

[101]  Vern Paxson,et al.  Empirically derived analytic models of wide-area TCP connections , 1994, TNET.

[102]  Burton H. Bloom,et al.  Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[103]  Raj Jain,et al.  Packet Trains-Measurements and a New Model for Computer Network Traffic , 1986, IEEE J. Sel. Areas Commun..

[104]  Tony McGregor,et al.  Path diagnosis with IPMP , 2004, NetT '04.

[105]  U. Fano Ionization Yield of Radiations. II. The Fluctuations of the Number of Ions , 1947 .

[106]  Murray Pearson,et al.  High precision traffic measurement , 2002 .

[107]  Richard Nelson,et al.  Analysis of long duration traces , 2005, CCRV.

[108]  Paul Barford,et al.  A signal analysis of network traffic anomalies , 2002, IMW '02.

[109]  Nevil Brownlee,et al.  Passive measurement of one-way and two-way flow lifetimes , 2007, CCRV.

[110]  Konstantina Papagiannaki,et al.  Impact of flow dynamics on traffic engineering design principles , 2004, IEEE INFOCOM 2004.

[111]  Kimberly C. Claffy,et al.  Comparison of Public End-to-End Bandwidth Estimation Tools on High-Speed Links , 2005, PAM.

[112]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[113]  Allen B. Downey,et al.  Evidence for long-tailed distributions in the internet , 2001, IMW '01.

[114]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[115]  J. Crowcroft,et al.  Using Packet Symmetry to Curtail Malicious Traffic , 2005 .

[116]  A. L. Narasimha Reddy,et al.  Statistical techniques for detecting traffic anomalies through packet header data , 2008, TNET.

[117]  Martín Casado,et al.  Peering Through the Shroud: The Effect of Edge Opacity on IP-Based Client Identification , 2007, NSDI.

[118]  Walter Willinger,et al.  On the self-similar nature of Ethernet traffic , 1995, CCRV.

[119]  M. O. Lorenz,et al.  Methods of Measuring the Concentration of Wealth , 1905, Publications of the American Statistical Association.

[120]  George Varghese,et al.  New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice , 2003, TOCS.

[121]  Sajal K. Das,et al.  Fast Classification and Estimation of Internet Traffic Flows , 2007, PAM.

[122]  Riccardo Gusella,et al.  Characterizing the Variability of Arrival Processes with Indexes of Dispersion , 1991, IEEE J. Sel. Areas Commun..

[123]  Azer Bestavros,et al.  Self-similarity in World Wide Web traffic: evidence and possible causes , 1996, SIGMETRICS '96.

[124]  Andrew Tomkins,et al.  The Web and Social Networks , 2002, Computer.

[125]  Alex C. Snoeren,et al.  PRIMED: community-of-interest-based DDoS mitigation , 2006, LSAD '06.

[126]  George Varghese,et al.  Building a better NetFlow , 2004, SIGCOMM 2004.

[127]  Roger P. Karrer TCP Prediction for Adaptive Applications , 2007 .

[128]  Liang Guo,et al.  The war between mice and elephants , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[129]  Walter Willinger,et al.  Self-similarity through high-variability: statistical analysis of Ethernet LAN traffic at the source level , 1997, TNET.

[130]  Xenofontas A. Dimitropoulos,et al.  Probabilistic lossy counting: an efficient algorithm for finding heavy hitters , 2008, CCRV.

[131]  Mark E. Crovella,et al.  Effect of traffic self-similarity on network performance , 1997, Other Conferences.

[132]  Hans-Werner Braun,et al.  Internet Flow Characterization: Adaptive Timeout Strategy and Statistical Modeling , 2001 .

[133]  Vern Paxson,et al.  Strategies for sound internet measurement , 2004, IMC '04.

[134]  Nevil Brownlee,et al.  A T-Entropy Analysis of the Slammer Worm Outbreak , 2005 .