PORTO @ Archivio Istituzionale della Ricerca

Much of Internet traffic modeling, firewall, and intrusion detection research requires traces where some ground truth regarding application and protocol is associated with each packet or flow. This paper presents the design, development and experimental evaluation of gt, an open source software toolset for associating ground truth information with Internet traffic traces. By probing the monitored host’s kernel to obtain information on active Internet sessions, gt gathers ground truth at the application level. Preliminary exper- imental results show that gt’s effectiveness comes at little cost in terms of overhead on the hosting machines. Furthermore, when coupled with other packet inspection mechanisms, gt can derive ground truth not only in terms of applications (e.g., e-mail), but also in terms of protocols (e.g., SMTP vs. POP3).

GT: Picking up the Truth from the Ground for Internet Traffic / Gringoli, F; Salgarelli, L; Dusi, M; Cascarano, Niccolo'; Risso, FULVIO GIOVANNI OTTAVIO; Claffy, K. C.. - In: COMPUTER COMMUNICATION REVIEW. - ISSN 0146-4833. - 39:5(2009), pp. 13-18. [10.1145/1629607.1629610]

GT: Picking up the Truth from the Ground for Internet Traffic

CASCARANO, NICCOLO';RISSO, FULVIO GIOVANNI OTTAVIO;
2009

Abstract

Much of Internet traffic modeling, firewall, and intrusion detection research requires traces where some ground truth regarding application and protocol is associated with each packet or flow. This paper presents the design, development and experimental evaluation of gt, an open source software toolset for associating ground truth information with Internet traffic traces. By probing the monitored host’s kernel to obtain information on active Internet sessions, gt gathers ground truth at the application level. Preliminary exper- imental results show that gt’s effectiveness comes at little cost in terms of overhead on the hosting machines. Furthermore, when coupled with other packet inspection mechanisms, gt can derive ground truth not only in terms of applications (e.g., e-mail), but also in terms of protocols (e.g., SMTP vs. POP3).
2009
COMPUTER COMMUNICATION REVIEW
1.1 Articolo in rivista
File in questo prodotto:
File Dimensione Formato  
09CCR-GT.pdf

accesso aperto

Tipologia: 1. Preprint / submitted version [pre- review]
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 357.02 kB
Formato Adobe PDF
Visualizza/Apri
357.02 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2281783
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo