EventFlow: Network Flow Aggregation Based on User Actions
| Authors | |
|---|---|
| Year of publication | 2016 |
| Type | Article in proceedings |
| Conference | IEEE/IFIP Network Operations and Management Symposium 2016 (NOMS 2016) |
| Citation | |
| Doi | https://doi.org/10.1109/NOMS.2016.7502895 |
| Field | Informatics |
| Keywords | network; flow; monitoring; application |
| Attached files | |
| Description | Network flow monitoring is being supplemented with application flow visibility to provide more detailed information about network traffic. However, the current concept of flows does not provide a mechanism to keep track of semantic relations between individual flows that are created as part of a single user action. We propose an extension to flow measurement, called EventFlow, which makes it possible to preserve relations between HTTP and DNS application flows that are part of a single user action, most typically browsing a web page. We describe the architecture of the EventFlow extension and its limitations. A prototype implementation of EventFlow is introduced and evaluated on a packet trace from an ISP network. We show that a significant number of flow records can be recognised as part of a single user action. |