| Presentation | 2002/10/4 Applying a new TCP Protocol Machine for Network Monitoring Heshmatollah KHOSRAVI, Shigeki GOTO, |
|---|---|
| PDF Download Page | PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In the Internet, flow analysis and network monitoring have been studied by various methods. Some methods tried to make TCP traces more readable by showing them graphically. Others such as MRTG, NetScope, and NetFlow read the traffic counters of the routers and record the data for traffic engineering. Even all of the above methods are useful, but they are made only to perform a single task. This paper describes an improved TCP Protocol Machine, a multipurpose tool that can be used for flow analysis, intrusion detection and link congestion monitoring. It is developed based on the finite state machine (automaton). The machine separates the flows into two main groups. If a flow can be mapped to the set of the input symbols of automaton, it is valid, otherwise is invalid. It can be observed that intruders' attacks are easily detected by the use of the protocol machine. Also link congestion can be monitored, by measuring the percentage of valid to total number of flows. We demonstrate the capability of this tool through measurement and working examples. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | finite state machine (FSM) / finite automata / TCP Protocol Machine / valid flow / invalid flow / network congestion / intrusion detection |
| Paper # | IA2002-34 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2002/10/4(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Applying a new TCP Protocol Machine for Network Monitoring |
| Sub Title (in English) | |
| Keyword(1) | finite state machine (FSM) |
| Keyword(2) | finite automata |
| Keyword(3) | TCP Protocol Machine |
| Keyword(4) | valid flow |
| Keyword(5) | invalid flow |
| Keyword(6) | network congestion |
| Keyword(7) | intrusion detection |
| 1st Author's Name | Heshmatollah KHOSRAVI |
| 1st Author's Affiliation | Graduate School of Science and Engineering, Waseda University() |
| 2nd Author's Name | Shigeki GOTO |
| 2nd Author's Affiliation | Graduate School of Science and Engineering, Waseda University |
| Date | 2002/10/4 |
| Paper # | IA2002-34 |
| Volume (vol) | vol.102 |
| Number (no) | 362 |
| Page | pp.pp.- |
| #Pages | 8 |
| Date of Issue | |