UTM Lab meeting: Network Monitoring
The five main driver applications for network monitoring are:
Usage-based accounting is one of the target applications, required by usage-based billing systems. In accordance with the tariff model, accounting needs to be performed per flow.
Traffic profiling: measurements captured over a long period of time can be used to track and anticipate network growth and usage. Such information is valuable for trend analysis and network planning.
Traffic engineering aims at the optimization of network resource utilization and traffic performance.
Attack and intrusion detection are among the main target applications for network monitoring. The number of metrics useful for attack detection is as diverse as attack patterns themselves. Attackers adapt rapidly to circumvent detection methods and try to hide attack patterns using slow or stealth attacks.
QoS monitoring is the passive observation of the transmission quality for single flows or traffic aggregates in the network. One example of its use is verifying conformance with the QoS guarantees in service level agreements (SLAs).
The main challenge for this subject is how to perform the measurements for all these applications without being very intrusive, i.e. without injecting a lot of packets into the network in order to get the required metrics. Another important issue is information entropy: the idea is to obtain reliable measurement results with less information, and also to reuse the same sample for several applications. This can be achieved by adopting sampling techniques, i.e. instead of capturing all the information, we capture only a subset that assures reliable measurements.
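The sampling idea above, as an added example that is not part of the original notes: random 1-in-N packet sampling over constructed traffic, with the same sample reused for per-flow accounting and for a fan-out metric used in attack detection. The addresses, packet counts, the 1-in-10 rate and the choice of fan-out as the detection metric are assumptions made for illustration.

```python
import random
from collections import defaultdict

def make_traffic(seed=1):
    """Constructed packets (src, dst, size): two bulk flows and one scanner."""
    rng = random.Random(seed)
    pkts = [("10.0.0.1", "10.0.1.1", rng.randint(64, 1500)) for _ in range(40000)]
    pkts += [("10.0.0.2", "10.0.1.2", rng.randint(64, 1500)) for _ in range(10000)]
    # Scanner: one 64-byte packet to each of 1000 distinct destinations.
    pkts += [("10.0.0.9", f"10.0.{2 + i // 250}.{1 + i % 250}", 64) for i in range(1000)]
    rng.shuffle(pkts)
    return pkts

def sample(pkts, n, seed=2):
    """Random 1-in-n sampling: keep each packet independently with probability 1/n."""
    rng = random.Random(seed)
    return [p for p in pkts if rng.random() < 1.0 / n]

def flow_bytes(pkts, scale=1):
    """Accounting view: bytes per (src, dst) flow; scale=n extrapolates a sample."""
    totals = defaultdict(int)
    for src, dst, size in pkts:
        totals[(src, dst)] += size * scale
    return dict(totals)

def fan_out(pkts):
    """Detection view: distinct destinations contacted by each source."""
    dsts = defaultdict(set)
    for src, dst, _ in pkts:
        dsts[src].add(dst)
    return {src: len(d) for src, d in dsts.items()}

def relative_error(true_value, estimate):
    return abs(estimate - true_value) / true_value

if __name__ == "__main__":
    N = 10  # assumed sampling rate: 1 packet in 10
    traffic = make_traffic()
    subset = sample(traffic, N)
    true, est = flow_bytes(traffic), flow_bytes(subset, scale=N)
    for flow in [("10.0.0.1", "10.0.1.1"), ("10.0.0.2", "10.0.1.2")]:
        err = relative_error(true[flow], est[flow])
        print(flow, "true", true[flow], "estimated", est[flow], f"error {err:.1%}")
    # The same sample still exposes the scanner: its fan-out dwarfs the bulk senders'.
    print("fan-out in sample:", fan_out(subset))
```

Single-packet flows are either missed or overestimated by a factor of N, so scaled per-flow accounting is only reliable for flows large enough to contribute many sampled packets.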