Title :
An aggregation technique for traffic monitoring
Author :
Cho, Kenjiro ; Kaizaki, Ryo ; Kato, Akira
Abstract :
This paper presents an aggregation technique targeted for near real-time, long-term, and wide-area traffic monitoring. Our technique, called aguri, adapts itself to spatial traffic distribution by aggregating small volume flows into aggregates, and achieves temporal aggregation by creating a summary of summaries applying the same algorithm to its outputs. A set of scripts are used for archiving and visualizing summaries in different time scales. For near real-time monitoring, our prototype implementation employs a Patricia tree and a variant of the LRU replacement policy to limit memory use and search time with variable length keys. The algorithm is fairly insensitive to parameter settings and network conditions. Aguri does not need a predefined rule set and is capable of detecting an unexpected increase of unknown protocols or DoS attacks, which considerably simplifies the task of network monitoring. We have been monitoring the WIDE backbone network using aguri, and found it useful for network operation
Keywords :
Internet; computer network management; telecommunication traffic; wide area networks; LRU replacement policy; WIDE backbone network; aggregation technique; aguri; near real-time monitoring; spatial traffic distribution; temporal aggregation; traffic monitoring; wide-area traffic monitoring; Aggregates; Computer crime; Condition monitoring; Filters; IP networks; Protocols; Prototypes; Spine; Telecommunication traffic; Visualization;
Conference_Titel :
Applications and the Internet (SAINT) Workshops, 2002. Proceedings. 2002 Symposium on
Conference_Location :
Nara
Print_ISBN :
0-7695-1450-2
DOI :
10.1109/SAINTW.2002.994556
