[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New telemetry system ideas

Subject: New telemetry system ideas
From: cmisa at cs.uoregon.edu (Chris Misa)
Date: Mon, 14 Oct 2019 10:04:52 -0700

I am a researcher working on developing a new switch-based on-the-fly 
telemetry system that takes a flow chart as input to describe a 
particular detection task (rather than just features or information 
elements as in IPFIX). For an example of what I mean by "flow chart" see 
the figure here: 
https://ieeexplore.ieee.org/mediastore_new/IEEE/content/media/8048782/8048856/8048939/8048939-fig-4-source-hires.gif.

Might anyone have pointers to a source of more such flow charts?

The other issue I'm worried about is that it might take a couple rounds 
before an event is detected (since the system has to step through the 
flow chart and possibly look at different traffic features in the 
process). What is a typical duration of the types of events people might 
want to catch with a telemetry system like this? Do these kind of events 
generate the same type of traffic throughout their durations, or do 
traffic features change as the event progresses?

Thanks!

Chris

Prev by Date: IP Geolocation
Next by Date: IP Geolocation
Previous by thread: IP Geolocation
Next by thread: .COM Zone DNSSEC Operational Update -- ZSK length change
Index(es):
- Date
- Thread