Loading...
Please wait, while we are loading the content...
Classifying Internet One-way Traffic (2012)
| Content Provider | CiteSeerX |
|---|---|
| Author | Glatz, Eduard Dimitropoulos, Xenofontas |
| Description | Internet background radiation (IBR) is a very interesting piece of Internet traffic as it is the result of attacks and misconfigurations. Previous work primarily analyzed IBR traffic to large unused IP address blocks called network tele-scopes. In this work, we build new techniques for monitor-ing one-way traffic in live networks with the main goals of 1) expanding our understanding of this interesting type of traffic towards live networks as well as of 2) making it useful for detecting and analyzing the impact of outages. Our first contribution is a classification scheme for dissecting one-way traffic into useful classes, including one-way traffic due to un-reachable services, scanning, peer-to-peer applications, and backscatter. Our classification scheme is helpful for moni-toring IBR traffic in live networks solely based on flow-level data. After thoroughly validating our classifier, we use it to analyze a massive data-set that covers 7.41 petabytes of traffic from a large backbone network to shed light into the composition of one-way traffic. We find that the main sources of one-way traffic are malicious scanning, peer-to-peer applications, and outages. In addition, we report a number of interesting observations including that one-way traffic makes a very large fraction, i.e., between 34 % and 67%, of the total number of flows to the monitored network, although it only accounts for 3.4 % of the number of pack-ets on average, which suggests a new conceptual model for Internet traffic in which IBR traffic is dominant in terms of flows. Finally, we demonstrate the utility of one-way traffic of the particularly interesting class of unreachable services for monitoring network and service outages by analyzing the impact of interesting events we detected in the network of our university. 1. |
| File Format | |
| Language | English |
| Publisher Date | 2012-01-01 |
| Publisher Institution | in Proceedings of ACM ICM |
| Access Restriction | Open |
| Subject Keyword | Internet One-way Traffic Interesting Observation Massive Data-set Moni-toring Ibr Traffic Traffic Towards Monitor-ing One-way Traffic Internet Background Radiation First Contribution Network Tele-scopes Total Number Un-reachable Service One-way Traffic Large Backbone Network Monitored Network Main Source Useful Class Peer-to-peer Application Ibr Traffic Live Network Large Unused Ip Address Block New Technique Previous Work Interesting Event Interesting Piece Unreachable Service Large Fraction New Conceptual Model Internet Traffic Flow-level Data Main Goal Service Outage Classification Scheme Interesting Type Interesting Class |
| Content Type | Text |
| Resource Type | Article |
