Applying a new TCP Protocol Machine for Network Monitoring

概要

論文の詳細を見る
In the Internet, flow analysis and network monitoring have been studied by various methods. Some methods tried to make TCP traces more readable by showing them graphically. Others such as MRTG, NetScope, and NetFlow read the traffic counters of the routers and record the data for traffic engineering. Even all of the above methods are useful, but they are made only to perform a single task. This paper describes an improved TCP Protocol Machine, a multipurpose tool that can be used for flow analysis, intrusion detection and link congestion monitoring. It is developed based on the finite state machine (automaton). The machine separates the flows into two main groups. If a flow can be mapped to the set of the input symbols of automaton, it is valid, otherwise is invalid. It can be observed that intruders' attacks are easily detected by the use of the protocol machine. Also link congestion can be monitored, by measuring the percentage of valid to total number of flows. We demonstrate the capability of this tool through measurement and working examples.
一般社団法人情報処理学会の論文
2002-10-10