Telecommunication Systems

, Volume 37, Issue 1–3, pp 71–84

Integrating heterogeneous network monitoring data

  • Chi Zhang
  • Bin Liu
  • Xun Su
  • Heidi Alvarez
  • Julio Ibarra
Article

DOI: 10.1007/s11235-008-9073-5

Cite this article as:
Zhang, C., Liu, B., Su, X. et al. Telecommun Syst (2008) 37: 71. doi:10.1007/s11235-008-9073-5

Abstract

In this paper, we investigate the integration of heterogeneous network monitoring data. Specifically, we will synchronize and integrate flow-level records, exemplified by Cisco NetFlow, and packet-level traces, exemplified by NLANR PMA. The integration can facilitate cross-validation and complementary utility. However, finding the correspondences of timestamps/flows/packets between the PMA and Netflow is non-trivial, because they have different levels of granularity, different sampling strategy, different time sources, and different IP address masking. To integrate heterogeneous monitoring data, we first synchronize their timestamps, and then match their masked IP addresses. Our key observation is that although the IP addresses are masked, some other header fields can be exploited to match different types of monitoring data. In order to reduce the search space and the processing overhead, we have adopted a top-down approach to limit the search scope, and iterative algorithms to reduce the matching errors step by step.

Keywords

Heterogeneous network monitoring data NetFlow PMA 

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Chi Zhang
    • 1
  • Bin Liu
    • 2
  • Xun Su
    • 3
  • Heidi Alvarez
    • 4
  • Julio Ibarra
    • 4
  1. 1.Juniper NetworksSunnyvaleUSA
  2. 2.MicrosoftRedmondUSA
  3. 3.Fulcrum MicrosystemsCalabasasUSA
  4. 4.Center for Internet Augmented Research and AssessmentFlorida International UniversityMiamiUSA

Personalised recommendations