Applying a new TCP Protocol Machine for Network Monitoring
Abstract
On the Internet, flow analysis and network monitoring have been studied by various methods. Some methods tried to make TCP traces more readable by showing them graphically. Others, such as MRTG, NetScope, and NetFlow, read the traffic counters of the routers and record the data for traffic engineering. Although all of the above methods are useful, each is made to perform only a single task. This paper describes an improved TCP Protocol Machine, a multipurpose tool that can be used for flow analysis, intrusion detection and link congestion monitoring. It is developed based on the finite state machine (automaton). The machine separates the flows into two main groups: if a flow can be mapped to the set of input symbols of the automaton, it is valid; otherwise it is invalid. It can be observed that intruders' attacks are easily detected by the use of the protocol machine. Link congestion can also be monitored by measuring the percentage of valid flows relative to the total number of flows. We demonstrate the capability of this tool through measurement and working examples.
- Paper of the Information Processing Society of Japan
- 2002-10-10
Authors
- Goto Shigeki, Graduate School of Science and Engineering, Waseda University
- KHOSRAVI Heshmatollah, Graduate School of Science and Engineering, Waseda University