Abstract
Current high-speed links become a challenge to traditional real-time analysis of IP traffic. Major research was done in finding sampling methods for IP packets and IP flows in order to reduce the amount of data that needs to be processed while keeping a high level of result accuracy. Although sampling proves to be a promising approach, there may be application sce-narios foreseen, in which decisions may not be based on sampled data, e.g., usage based charging or intrusion detection systems. This paper proposes a distributed architecture for collecting, analysing and storing of IP traffic data. This approach aims to provide a high level of automation, self-configuration, and self-healing so that new nodes may be easily added or removed to/from the analysis network. The proposed solution makes use of unused processing power existing in the network (such as customer’s PCs of an ISP) to achieve real-time analysis of IP traffic for high-speed network links.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Estan, C., Varghese, G.: New directions in traffic measurement and accounting. In: ACM SIGCOMM Internet Measurement Workshop, San Francisco, USA, pp. 75–80 (November 2001)
Szeby, T.: Statistical Sampling for Non-Intrusive Measurements in IP Networks, Ph. D. Thesis, Technische Universität Berlin, Universitätsbibliothek (Diss.-Stelle), Fakultät IV– Elektrotechnik und Informatik (2005)
Duffield, N.G., Grossglauser, M.: Trajectory sampling for direct traffic observation. IEEE/ACM Transactions on Networking 9(3), 280–292 (2001)
Mao, Y., Chen, K., Wang, D., Zheng, W.: Cluster-based online monitoring system of web traffic. In: 3rd International Workshop on Web information and data management, Atlanta, Georgia, USA, pp. 47–53 (November 09-01, 2001)
Kitatsuji, Y., Yamazaki, K.: A distributed real-time tool for IP-flow measurement, International Symposium on Applications and the Internet, Tokyo, Japan, pp. 91–98 (January 26-30, 2004)
Han, S. -H., Kim, M.-S. Ju, H.-T., Hong, J. W.-K.: The Architecture of NGMON: A Passive Network Monitoring System for High-Speed IP Networks. In: 13th IFIP/ IEEE International Workshop on Distributed Systems: Operations and Management, Mon-treal, Canada, pp. 16–27 (October 21-23, 2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Morariu, C., Stiller, B. (2007). A Distributed Architecture for IP Traffic Analysis. In: Bandara, A.K., Burgess, M. (eds) Inter-Domain Management. AIMS 2007. Lecture Notes in Computer Science, vol 4543. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72986-0_29
Download citation
DOI: https://doi.org/10.1007/978-3-540-72986-0_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72985-3
Online ISBN: 978-3-540-72986-0
eBook Packages: Computer ScienceComputer Science (R0)