2002 Symposium on Applications and the Internet Workshops (SAINT 2002 Workshops)
An Aggregation Technique for Traffic Monitoring
Narar City, Nara, Japan
January 28-February 01
ISBN: 0-7695-1450-2
Kenjiro Cho, WIDE Project
Ryo Kaizaki, WIDE Project
Akira Kato, WIDE Project
This paper presents an aggregation technique targeted for near real-time, long-term, and wide-area traffic monitoring. Our technique, called aguri, adapts itself to spatial traffic distribution by aggregating small volume flows into aggregates, and achieves temporal aggregation by creating a summary of summaries applying the same algorithm to its outputs. A set of scripts are used for archiving and visualizing summaries in different time scales.For near real-time monitoring, our prototype implementation employs a Patricia tree and a variant of the LRU replacement policy to limit memory use and search time with variable length keys. The algorithm is fairy insensitive to parameter settings and network conditions.Aguri does not need a predefined rule set and is capable of detecting an unexpected increase of unknown protocols or DoS attacks, which considerably simplifies the task of network monitoring. We have been monitoring the WIDE backbone network using aguri, and found it useful for network operation.
Index Terms:
traffic monitoring, aggregation, flow-based profiling
