NetFlow Data Artifacts

From SimpleWiki
Revision as of 14:27, 25 January 2013 by Hofstede (talk | contribs)
Jump to navigationJump to search

In the paper 'Measurement Artifacts in NetFlow Data' we have analyzed the presence and impact of measurement artifacts in NetFlow data from six flow exporters. Abstract of the paper:

Flows provide an aggregated view of network traffic by grouping streams of packets. The resulting scalability gain usually excuses the coarser data granularity, as long as the flow data reflects the actual network traffic faithfully. However, it is known that the flow export process may introduce artifacts in the exported data. This paper extends the set of known artifacts by explaining which implementation decisions are causing them. In addition, we verify the artifacts' presence in data from a set of widely-used devices. Our results show that the revealed artifacts are widely spread among different devices from various vendors. We believe that these results provide researchers and operators with important insights for developing robust analysis applications.