DocumentCode
2519505
Title
A Method for Analyzing Network Traffic Using Cardinality Information in Firewall Logs
Author
Matsumoto, Satoshi ; Sato, Akira ; Shinjo, Yasushi ; Nakai, Hisashi ; Itano, Kozo ; Shomura, Yusuke ; Yoshida, Kenichi
Author_Institution
Univ. of Tsukuba, Tsukuba, Japan
fYear
2010
fDate
19-23 July 2010
Firstpage
241
Lastpage
244
Abstract
Recently, the variety and vastness of networks have increased rapidly. To keep networks stable and reliable, network administrators have to understand the nature of network traffic flows. In this paper, we propose a method to analyze network traffic using firewall logs. The characteristics of our method are 1) the use of aggregate flow information, and 2) the use of cardinality information of aggregate flows. Here, the cardinality information shows the number of servers/clients, and contributes to finding P2P software and Intranet viruses. The experimental results confirm that the session-level cardinality information acquired by the proposed method can find P2P software and other types of applications.
Keywords
client-server systems; computer network management; computer network reliability; computer network security; computer viruses; peer-to-peer computing; telecommunication traffic; Intranet virus; P2P software; firewall log; network administrator; network reliability; network traffic analysis; peer-to-peer computing; session level cardinality information; Aggregates; Algorithm design and analysis; Electronics packaging; IP networks; Internet; Servers; Software; Cardinality; Network Monitoring;
fLanguage
English
Publisher
ieee
Conference_Titel
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location
Seoul
Print_ISBN
978-1-4244-7526-1
Electronic_ISBN
978-0-7695-4107-5
Type
conf
DOI
10.1109/SAINT.2010.98
Filename
5598132