Title :
A Traffic Analysis Using Cardinalities and Header Information
Author :
Shomura, Yusuke ; Yoshida, Kenichi ; Sato, Akira ; Matsumoto, Satoshi ; Itano, Kozo
Author_Institution :
Univ. of Tsukuba, Tsukuba, Japan
Abstract :
Recently, the variety and vastness of computer networks have increased rapidly. To keep networks stable and reliable, network administrators have to understand the nature of network traffic flows. We have developed a cardinality-analysis method that analyzes cardinalities in TCP/IP headers. The cardinalities can be used to detect abnormal traffic such as DDoS attacks and Internet worms. However there is much unclassified traffic remaining. In this paper, we propose further analysis that consists of two parts: 1) select service port numbers and 2) analyze the volume of inflow and outflow for each service along with packet sizes. The method proposed can analyze the behavior of hosts and services in detail. We applied the proposed analysis to the traffic captured at the University of Tsukuba´s campus network and demonstrated the ability of classifying services into four groups: download type, upload type, both way type, and control or real time communication type, which normally can´t be classified by cardinality analysis.
Keywords :
computer network management; computer network security; telecommunication traffic; University of Tsukuba´s campus network; cardinality-analysis; computer networks; download-upload type; header information; network administrators; network traffic flows; packet sizes; select service port numbers; traffic analysis; unclassified traffic; Cardinality; Network Management; Packet Size; Traffic Monitoring;
Conference_Titel :
Networking and Computing (ICNC), 2010 First International Conference on
Conference_Location :
Higashi-Hiroshima
Print_ISBN :
978-1-4244-8918-3
Electronic_ISBN :
978-0-7695-4277-5
DOI :
10.1109/IC-NC.2010.36
