An Enhanced Netflow Data Collection System

Abstract: Netflow-based network traffic analysis is one of today's mainstream network traffic monitoring and analysis techniques. However, port-based traffic identification that employed in Netflow-based protocol analysis is inaccurate. Netflow cannot provide enough details for analysis of site access behaviour. In order to overcome the above limitation, we propose an enhanced Netflow data collection method combining packet capturing and flow technique for accurate application identification. Then we design and implemen… Show more

“…Due to the continuous growth of Internet applications, standard ports are no longer used; instead, they have been moved towards a web-based frontend or have used dynamic ports [2]. Consequently, this method becomes inaccurate when identifying applications and typical performance ranges between 30 and 70%, depending on the mix of traffic, and this includes a number of applications to be identified [12]. Following from the improvement in processing power, deep packet inspection (DPI) [13] was then the preferred choice, as it identifies signatures of applications or protocols based on the content of the packets.…”

Using Burstiness for Network Applications Classification

“…Due to the continuous growth of Internet applications, standard ports are no longer used; instead, they have been moved towards a web-based frontend or have used dynamic ports [2]. Consequently, this method becomes inaccurate when identifying applications and typical performance ranges between 30 and 70%, depending on the mix of traffic, and this includes a number of applications to be identified [12]. Following from the improvement in processing power, deep packet inspection (DPI) [13] was then the preferred choice, as it identifies signatures of applications or protocols based on the content of the packets.…”

Using Burstiness for Network Applications Classification

AI/ML for beyond 5G systems: Concepts, technology enablers & solutions