RelSamp: Preserving application structure in sampled flow measurements

M. Lee, M. Hajjat, R. R. Kompella, S. Rao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

The Internet has significantly evolved in the number and variety of applications. Network operators need mechanisms to constantly monitor and study these applications. Given modern applications routinely consist of several flows, potentially to many different destinations, existing measurement approaches such as Sampled NetFlow sample only a few flows per application session. To address this issue, in this paper, we introduce RelSamp architecture that implements the notion of related sampling where flows that are part of the same application session are given higher probability. In our evaluation using real traces, we show that RelSamp achieves 5-10x more flows per application session compared to Sampled NetFlow for the same effective number of sampled packets. We also show that behavioral and statistical classification approaches such as BLINC, SVM and C4.5 achieve up to 50% better classification accuracy compared to Sampled NetFlow, while not breaking existing management tasks such as volume estimation.
Original languageEnglish
Title of host publicationINFOCOM, 2011 Proceedings IEEE
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages2354-2362
Number of pages9
ISBN (Print)978-1-4244-9919-9
DOIs
Publication statusPublished - 1 Apr 2011

Keywords / Materials (for Non-textual outputs)

  • Internet
  • statistical analysis
  • RelSamp
  • application structure
  • sampled NetFlow
  • sampled flow measurements
  • statistical classification
  • Accuracy
  • Estimation
  • IP networks
  • Inspection
  • Monitoring
  • Random variables

Fingerprint

Dive into the research topics of 'RelSamp: Preserving application structure in sampled flow measurements'. Together they form a unique fingerprint.

Cite this