Title :
A Method for Analyzing Network Traffic Using Cardinality Information in Firewall Logs
Author :
Matsumoto, Satoshi ; Sato, Akira ; Shinjo, Yasushi ; Nakai, Hisashi ; Itano, Kozo ; Shomura, Yusuke ; Yoshida, Kenichi
Author_Institution :
Univ. of Tsukuba, Tsukuba, Japan
Abstract :
Recently, the variety and scale of networks have increased rapidly. To keep networks stable and reliable, network administrators have to understand the nature of network traffic flows. In this paper, we propose a method to analyze network traffic using firewall logs. The characteristics of our method are 1) the use of aggregate flow information, and 2) the use of cardinality information of aggregate flows. Here, the cardinality information shows the number of servers/clients, and contributes to finding P2P software and Intranet viruses. The experimental results confirm that the session-level cardinality information acquired by the proposed method can find P2P software and other types of applications.
Keywords :
client-server systems; computer network management; computer network reliability; computer network security; computer viruses; peer-to-peer computing; telecommunication traffic; Intranet virus; P2P software; firewall log; network administrator; network reliability; network traffic analysis; peer-to-peer computing; session level cardinality information; Aggregates; Algorithm design and analysis; Electronics packaging; IP networks; Internet; Servers; Software; Cardinality; Network Monitoring;
Conference_Title :
Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-7526-1
Electronic_ISBN :
978-0-7695-4107-5
DOI :
10.1109/SAINT.2010.98