EventFlow: Network Flow Aggregation Based on User Actions
| Authors | |
|---|---|
| Year of publication | 2016 |
| Type | Article in Proceedings |
| Conference | IEEE/IFIP Network Operations and Management Symposium 2016 (NOMS 2016) |
| Citation | |
| Doi | http://dx.doi.org/10.1109/NOMS.2016.7502895 |
| Field | Informatics |
| Keywords | network; flow; monitoring; application |
| Attached files | |
| Description | Network flow monitoring is being supplemented with an application flow visibility to provide more detailed information about network traffic. However, the current concept of flows does not provide a mechanism to keep track of semantic relations between individual flows that are created as a part of a single user action. We propose an extension to the flow measurement, called EventFlow, which allows to preserve relations between HTTP and DNS application flows that are a part of single user action, most typically browsing a web page. We describe an architecture of the EventFlow extension and its limitations. A prototype implementation of the EventFlow is introduced and evaluated on a packet trace from an ISP network. We show that a significant number of flow records can be recognised as a part of a single user action. |